This report has been prepared so that I could describe and analyse my first five years in the role of the Auditor-General for Australia and from this analysis draw some reflections on the performance of the Australian public sector. The following chapters present description and analysis, while this foreword presents some reflections.

These reflections go to areas where I believe the public sector could become better, however, they should not be seen to infer that Australia does not have a public sector of which in most respects it can be proud. The scepticism of mind and risk-based approach of audit process and selection could lead an avid reader of audit reports to an unwarranted negative view. However, over 50 per cent of performance audits undertaken in the past five years have found entities’ performance to be either fully or largely effective.

The Australian National Audit Office (ANAO) is a critical part of the accountability/integrity framework for the Australian public sector. A key underpinning of this is the independence of the Auditor-General and the ANAO. The importance of independence only became completely clear to me when, after 30 years in the public service, I became an Auditor-General. Although in the public service people talk about being apolitical and providing frank and fearless advice (and I always tried to act that way), what that looks like is, and probably should be, starkly different from the statutory independence of the public sector auditor. The public sector exists to serve the government, the Parliament and citizens. As a public auditor, the ANAO exists to serve the Parliament and citizens. To be effective, public auditors cannot see their future as either individually or organisationally tied to the perceptions of, or reactions to, their work by government. That is why Auditors-General should have fixed terms (preferably non-renewable), have complete discretion over what they audit and how they audit it, have their budgets set by the Parliament with a limited role for government and not be subject to administrative directions by the government.

In my experience the impact of audit on public sector performance is pervasive and positive. It is far more than the publication of a report. The mere existence of audit (both financial and performance) moderates public sector activities to be more consistent with the expectations set out in its legislative and regulatory framework. For example:

• Nowhere is this clearer than in the difference in the assurance that the Parliament can have with respect to audited financial statements versus unaudited non-financial performance statements. Over the past five years the ANAO has published seven audits covering 34 entities in relation to the revised non-financial performance reporting framework established by the Public Governance, Performance and Accountability Act 2013 (PGPA Act). The results of these audits indicate that there is still substantial improvement that needs to be made to entities’ non-financial performance reporting before they can be fully relied on by Parliament. On the other hand, the quality of audited financial statements is consistently high. This is why I strongly support the introduction of mandatory auditing of entity performance statements in a similar manner to which financial statements are audited.
• It is also demonstrated by the regularity with which entities begin reviews of an activity to clean up their systems as soon as a potential performance audit is flagged.
• Published reports play a critical role in the accountability framework, in particular in providing the evidence base for the Parliament to hold the executive government to account.

Audit reports also provide important information for the sector to learn from the successes and failures of others. There are good examples of the public sector operating as a learning system, not least some early evidence in its design of the response to COVID-19, where we have seen how the system has learned from previous failures in dealing with rapid implementation. But there are also too many cases where entities have not learned from the past.¹ It concerns me when entities’ responses to audit reports try to publicly diminish the value of the report by suggesting that: a conclusion refers to a minor issue, when under auditing standards a negative conclusion can only relate to a material finding; the entity was already aware of the issue and was dealing with it, when evidence does not support this; or an audit hasn’t appropriately taken account of context, when the entity is really seeking to hide the conclusions in a narrative of excuses. I do not think a learning culture can be nurtured when the leadership of an entity fails to demonstrate that they are willing to confront the facts of performance presented by an audit.

The analysis of evidence from performance audits supports the view that the Australian Public Service has strong capability in relation to policy development, with a statistical correlation between positive audit conclusions and activities related to policy development. Audits related to the design stage of the delivery continuum also have a high proportion of positive conclusions.

On the other hand there is strong evidence, from both performance and financial audits, that the public sector’s approach to procurement regularly falls short of expectations set out in the regulatory frameworks. This is of particular concern given that procurement is a core activity of government and fundamental to the delivery of many of its services. In 2018–19 entities reported contracts with a combined value of $64.5 billion on AusTender. In many cases it is difficult for entities to be able to demonstrate that they have provided value in the use of public resources. It is also particularly concerning that we regularly see entities complying with the letter of the procurement rules but not with their intent. Often the evidence suggests that the decision to exempt procurements from open competition has been based more on it being a less costly and easier process for the entity to undertake, rather than a focus on the overall value of the use of taxpayers’ funds.

Developing capability in procurement, including contract management, should be a priority for public sector leaders.

Regulatory activity is the second category recording a high proportion of negative audit conclusions. Like procurement, regulation is an important function of the Australian Government and high quality regulation (whether of the private, not for profit or public sector) is crucial for the proper functioning of society and the economy. In many cases, audit findings raise issues with respect to the appropriate implementation of risk-based approaches to regulation. Risk-based regulation is important in ensuring that the burden of regulation is appropriate. However, it can only be successful if accountable authorities of entities utilise available evidence to develop a strategic, diligent and risk-based regulatory compliance approach and consistently implement this. Too strong a focus on ‘red tape’ reduction, including through not utilising the full range of regulatory powers provided by the Parliament, can often be at the expense of effective outcomes.

Further effort in improving the implementation of regulation by government entities is required.

Also of concern is that the analysis of both financial and performance audits indicate there is much that needs to be done to improve the delivery of services to Indigenous Australians. Indigenous programs in the Prime Minister and Cabinet portfolio have the highest proportion of negative conclusions from performance audits of any portfolio, while the Prime Minister and Cabinet portfolio had the highest number of findings from financial audits, overwhelmingly in Indigenous related entities.

Given the priority successive governments have given to Indigenous policy these findings are disappointing.

That said, the results of ANAO financial audits over the past five years indicate the high quality of financial reporting by Australian Government entities. This is reflected in the fact that only one qualified audit report has been issued over the period and the trend has been for the number of audit findings to decline. Good financial reporting arrangements are one of the key components of quality financial management. The quality of financial reports in the Australian public sector is therefore a positive indicator that financial management in the sector is generally sound.

However, the category which consistently has the most number of financial audit findings raised relates to the information technology control environment, with the most common area relating to weaknesses in security management. These findings are consistent with the conclusions in performance audits of cyber security, which have also consistently identified non-compliance.

With cyber security being an area of government priority for many years, these findings are disappointing.

The public sector operates largely under a self-regulatory approach. Policy owners — for example the Department of Finance for resource management (including procurement and grants); the Attorney-General’s and Home Affairs departments for cyber security; and the Australian Public Service Commission for integrity — establish the rules of operation and then largely leave it to entities’ accountable authorities to be responsible for compliance. There are almost no formal mechanisms in these frameworks to provide assurance on compliance. Often the ANAO is the only source of compliance reporting and our resources mean that coverage is quite limited. While I agree that accountable authorities must be responsible for entities’ compliance, it is also clear that policy owners need to be held accountable if the regulatory frameworks they put in place for the public sector do not result in an acceptable level of compliance. For this to occur, they should at least have processes in place to identify the level of compliance and be willing to modify their regulatory approach if it is not working. Unfortunately, this has not been a common approach.

In many cases where the ANAO identifies weaknesses in public sector’s effectiveness, questions could be raised around the capability, expertise and experience of those involved in the activity. It may be worthwhile reviewing whether the balance between subject matter expertise and generic leadership competencies is appropriately considered when establishing leadership teams.

Over the past five years, I have had a number of key areas of focus in leading the ANAO. In particular these have been:

• audit quality — by increasing transparency of what quality means in the ANAO and how we assess it; greater focus on benchmarking against other audit offices; enhancing external scrutiny through peer-review arrangements with the New Zealand Office of the Auditor-General; and by voluntarily having the Australian Securities and Investments Commission review the ANAO’s financial audit files;
• communication — by focusing on the accessibility and readability of reports along with digital publication; and increasing engagement with ANAO’s international and domestic counterparts;
• coverage of the ANAO’s mandate — by undertaking performance audits of Government Business Enterprises; developing new audit methodologies for performance statements and efficiency audits; and providing a greater range of assurance to the Parliament through assurance reports and information reports;
• transparency of business operations — by making the ANAO’s audit methodology publicly available; publishing information on engagement with the Parliament; providing greater clarity around the audit prioritisation framework; and improving corporate disclosures (such as gifts and benefits);
• efficiency of work performed — by investing in data analytics; a more collaborative work environment; and information technology capabilities; and
• workforce capability.

A challenge that has increasingly faced the ANAO’s performance audit work is how the culture of an organisation is considered during an audit. The performance of an entity cannot always be determined by the extent to which it complies with a particular framework. In many audits, culture comes into the frame in relation to the governance arrangements of organisations. This became most obvious in our audits of cyber security where it quickly became clear that complying with the minimum requirements of the framework (such as the Australian Signals Directorate’s Top Four cyber mitigation strategies) was not a sufficient test for cyber security. The ANAO developed a framework of cyber resilience designed to consider whether entities had developed a cyber security culture. Similar issues exist in other compliance audits, such as in procurement and grants management, where culture is a driver of the proper use of public resources. Compliance with minimum standards is essential, but internal culture drives entity behaviours and affects whether their approach to compliance results in actions consistent with the intended outcomes of a framework.

In this respect, a key area of weakness that I believe still remains in the ANAO’s application of its mandate relates to our work on ethics — the fourth ‘e’ in the definition of proper use and management of public resources in the Public Governance, Performance and Accountability Act 2013. Most audit work we do in the other three areas — effectiveness, economy and efficiency — can draw on performance against clearly defined objectives, frameworks, rules or standards. However, the area of ethical behaviour can be much more nuanced. It is clearly unethical to comply with the letter of a rule, but in a way which undermines its intent. For example, using the provision of ‘extreme urgency brought about by events unforeseen’ to grant an exemption from open competitive tendering, simply because the procurement process was left too late. While ANAO audits have outlined the facts of these situations, I have been reluctant to call out the ethics of this behaviour — after all it may have just been inefficiency or incompetence. However, I think a reluctance on my part to make findings on the ethics of particular actions is unsustainable. On this basis, the development of an audit methodology to assess ethics is a priority for the second half of my term as Auditor-General for Australia.

An important role of the ANAO is to assist the Parliament in holding the executive government to account. It is important to note that the ANAO relies on its audit work to do this. To this end, the ANAO will always let an audit report ‘speak for itself’, rather than providing commentary outside of the audit work undertaken. Submissions and evidence before parliamentary committees are geared towards assisting the Parliament to understand findings and conclusions. I do not see it as the ANAO’s role to do more than this, nor to provide anything other than factual briefings to parliamentarians or the media. Briefings and appearances are important in assisting parliamentarians to understand — in a neutral way — what is required of entities in executing activities and how they have performed in doing so. In similar parliamentary democracies around the world, audit offices provide an advisory function to parliaments in a more systematic way than the ANAO currently does. As Australian Government models of service delivery change to meet community need, this is an area where the ANAO could do more, if the Parliament so desired.

While a number of people in the ANAO provided input into the preparation of this document, I want to particularly acknowledge Sam Painting who provided valuable input into its planning, and Se Eun Lee who was critical in undertaking its analysis and drafting.

Grant Hehir
Auditor-General

Public sector accountability

2.6 The Australian public sector operates under an accountability model that consists of interconnected legal and regulatory frameworks, creating vertical and horizontal accountability relationships between the electorate, the Parliament, the government and public officials.

Figure 2.1: Australian public sector accountability framework

 

 

Source: ANAO.

2.7 The executive government is accountable to the Parliament for their performance and operate under a number of key legislative frameworks set by the Parliament, such as the Public Governance, Performance and Accountability Act 2013 (PGPA Act) which governs the use and management of public resources. Consistent with relevant legislation, the Australian Government develops rules and sets out policy frameworks to be implemented by departments and other agencies. Accountable authorities of each Commonwealth entity may also set in place internal frameworks to instruct officials on certain matters.

2.8 The Australian public sector is expected to operate within these frameworks when carrying out its functions. The maintenance of clear lines of accountability within the public sector is crucial in providing confidence to the Parliament and the Australian public that the public sector is delivering advice and services in a transparent and accountable way, in line with the values of a modern and open democratic society.

Role of the Auditor-General in the accountability framework

2.9 The office of the Auditor-General was the first statutory integrity agency established by the Commonwealth Parliament, following the passage of the Audit Act 1901.² That Act was the fourth piece of legislation passed by the new Commonwealth Parliament. As such, the functions and role of the Auditor-General are well established in the accountability framework of the Australian public sector.

2.10 The role of the Auditor-General is to provide independent reporting and assurance to Parliament on whether the executive is operating in accordance with Parliament’s intent, and within the executive’s own policy and rule framework, to achieve desired objectives. The two main assurance functions of the Auditor-General are:

• an annual program of mandatory financial statements audits, which ensure the executive’s accountability to the Parliament for the expenditure of public funds; and
• a wide-ranging program of performance audits, which touches on many aspects of government entities’ resource management, governance and performance.

2.11 The Auditor-General’s mandate extends to all aspects of Commonwealth entities’ efficiency, effectiveness, economy and ethical behaviour in their use and management of public resources. Thus, the role and functions of the Auditor-General are critical in facilitating the flow of accountability from the executive government to the Parliament, and ultimately to the broader community.

Importance of audit independence

2.12 Independence is the foundation on which the value of an audit is built.³ Independence requirements for auditors are set out in professional standards and legislation. APES 110 Code of Ethics for Professional Accountants (APES 110) applies to all audits conducted in accordance with Australian Auditing Standards.⁴ Under APES 110, independence comprises two critical elements:

• independence of mind – the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity and professional scepticism; and
• independence in appearance – the avoidance of facts and circumstances that are so significant a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances, that a firm’s, or a member of the audit team’s, integrity, objectivity or professional scepticism has been compromised.⁵

2.13 For audits of companies, Divisions 3, 4 and 5 of Part 2M.4 and section 307C of the Corporations Act 2001 apply.

2.14 Independence is critical to maintaining trust and confidence in audit work, which in turn is fundamental to the impact of that work. An auditor must be independent, and be seen to be independent, for their opinions, findings, conclusions, judgments and recommendations to be impartial and viewed as impartial by reasonable and informed third parties.

Auditor-General’s independence

2.15 The statutory independence of the Auditor-General is provided for in the Auditor-General Act 1997 (the Act). Section 8 of the Act establishes the Auditor-General as an independent officer of the Parliament, and provides that the Auditor-General has complete discretion in the performance or exercise of functions or powers. In exercising the mandatory and discretionary functions and powers, the Auditor-General is not subject to direction from anyone in relation to:

• whether or not a particular audit is to be conducted;
• the way in which a particular audit is to be conducted; or
• the priority to be given to any particular matter.⁶

2.16 There are other legislative provisions that ensure the Auditor-General’s independence. Under section 9 and schedule 1 of the Act, the Auditor-General is appointed by the Governor-General, on the recommendation of the Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) and the Prime Minister, for a non-renewable term of 10 years. This reduces the risk that the Auditor-General’s judgment may be impacted by allegiance from appointment or a desire to be reappointed.

2.17 The Auditor-General can only be removed from office by the Governor-General, at the request of both Houses of Parliament, on the grounds of misbehaviour, or physical or mental incapacity.⁷ This enhances the independence of the office as the Auditor-General will not be inclined to provide positive reports for fear of removal.

2.18 In respect of individual audits, there are two elements that preserve the Auditor-General’s independence. Commonwealth entities can only be audited by the Auditor-General. Auditees are also unable to prevent the commencement or progression of an audit once the Auditor-General determines the audit would be conducted. This strengthens the independence of audit work as entities cannot seek an alternative audit arrangement in the event of adverse findings.

2.19 Section 50 of the Act states that money is to be appropriated by the Parliament for the purposes of the Audit Office. This means that audit fees are ‘paid for’ by the Parliament and not the entities which the ANAO audits,⁸ reducing the risk that fee negotiations with audited entities can result in a conflict between audit quality and economic self-interest.

2.20 The ANAO is established under section 38 of the Act to assist the Auditor-General in performing the Auditor-General’s functions. Directions to ANAO staff relating to the performance of the Auditor-General’s functions may only be given by the Auditor-General or a member of the staff of the Audit Office authorised to give such directions by the Auditor-General. This prevents staff undertaking the Auditor-General’s functions from being subject to external direction for audit-related functions.

Challenges to the Auditor-General’s independence

2.21 The current legislative frameworks within which the ANAO operates contain several challenges to the Auditor-General’s independence.⁹ A recent review of public sector auditor independence undertaken by the Australasian Council of Auditors-General (ACAG) found that the ANAO was ranked lower than a number of other ACAG offices on independence.¹⁰

2.22 For administrative purposes, the ANAO is an entity within the Prime Minister and Cabinet portfolio and subject to the Public Service Act 1999. This creates a challenge for the ANAO to accomplish its mandate to provide independent oversight of the Australian Public Service (APS), while fulfilling responsibilities as an entity operating under the requirements of that framework. Further, as members of the APS, the Deputy Auditor-General and ANAO staff are potentially subject to external direction under the framework.

2.23 As a non-corporate Commonwealth entity, the ANAO is subject to policies of the Australian Government that have the potential to impact the Auditor-General’s independence. Whole-of-Government rulings or the ANAO’s inclusion in APS-wide service arrangements or tendering processes could require the ANAO to adopt policies or use services that the ANAO would also need to audit.

2.24 Under section 19 of the PGPA Act, the Auditor-General, as the accountable authority of the ANAO, has a duty to keep the responsible minister and the Finance Minister informed. This means the executive retains the ability to demand reports, documents and information of the ANAO’s activities. There is an inherent risk of conflict because the ANAO’s role is to scrutinise the executive.

2.25 The executive also has the ability to prevent the publication of certain materials in Auditor-General reports. Under section 105D of the PGPA Act, the Finance Minister may use written determinations to require modifications of material that relate to designated activities of intelligence or security agencies or listed law enforcement agencies. Further, paragraph 37(1)(b) of the Auditor-General Act provides that the Attorney-General can issue a certificate to the Auditor-General preventing the latter from including particular information in a public report, if the Attorney-General is of the opinion that such disclosure would be contrary to public interest.

2.26 On 28 June 2018, the Attorney-General issued such a certificate, which required the omission of material from the performance audit report Army’s Protected Mobility Vehicle—Light.¹¹ This was the first performance audit tabled by the Auditor-General of Australia with a disclaimer of conclusion.¹² The issuance of a section 37 certificate presented one of the most significant challenges to the independence of the office of the Auditor-General in recent times, with the potential to affect the Parliament’s scrutiny of the executive by limiting the Auditor-General’s independent reporting to Parliament. In a subsequent parliamentary inquiry, the JCPAA made a number of recommendations that the Committee proposed be given detailed consideration on the next occasion a section 37 certificate is issued or at the next review of the Act, whichever is the earlier.¹³

Relationship with the Australian Parliament

2.27 The ANAO’s primary relationship is with the Australian Parliament, particularly the JCPAA. The Public Accounts and Audit Committee Act 1951 provides for the appointment of the Committee and establishes a formal link between the Auditor-General and the Parliament.

2.28 In addition to reports tabled in the Parliament, the ANAO’s assistance to the Parliament occurs through the provision of submissions and information and appearances before parliamentary committees, and briefings to individual parliamentarians. The ANAO publishes on its website briefings provided to parliamentarians and parliamentary committees about audits and related services. Table 2.1 below summarises the number of appearances and submissions to parliamentary committees from 2015–16 to 2019–20.

Table 2.1: Number of appearances and submissions to parliamentary committees

Source: ANAO annual reports 2015–16 to 2019–20.

Responsiveness to Parliamentary recommendations

2.29 In recent years, the JCPAA and other parliamentary committees have expressed interest in the performance of Australian Government entities in relation to implementing audit and parliamentary recommendations.¹⁴ Recommendations from parliamentary committees and the ANAO’s performance audits identify risks and shortcomings to the successful delivery of outcomes. Recommendations can specify actions aimed at addressing those risks and identify opportunities for improving entity administration. Tabling an agreed response to a recommendation in the Parliament represents a formal commitment by the government or entity to Parliament to implement the recommended action. The adequate and timely implementation of agreed recommendations is an important element of realising the full benefit of those recommendations, and serves to demonstrate the entity’s commitment to improving public administration.

2.30 Along with follow-up audits examining the implementation of ANAO recommendations¹⁵, the ANAO has established a program of work to examine entities’ implementation of recommendations from parliamentary committees. Out of 62 parliamentary committee recommendations examined across eight performance audits tabled in 2015–16 to 2019–20, the ANAO found that 44 recommendations (71 per cent) were fully implemented, 11 (17.7 per cent) were partially implemented and seven (11.3 per cent) were not implemented, at the time of respective audits.

2.31 In November 2019, the ANAO published an edition of Audit Insights outlining the approaches entities are taking to implement recommendations to improve public administration practices and outcomes. The Audit Insight summarised that entities with strong governance structures were more likely to have successfully implemented recommendations. Features of strong governance arrangements included:

• having established processes for responding to recommendations;
• clearly assigning responsibility for implementing recommendations;
• developing implementation plans;
• monitoring and tracking implementation; and
• reporting to and review by the entity’s audit committee on the progress of implementation.

Impact of audit

2.32 The impact of audit can be difficult to assess. What is clear is that impact should not simply be measured by high profile audits like Auditor-General Report No. 12 of 2010-11 Home Insulation Program, or Report No. 23 of 2019–20 Award of Funding under the Community Sport Infrastructure Program, where interest in the issues raised by the ANAO spilled into wider debate in the Parliament and the community. Nor can it be judged only by the direct impact of audit work, such as:

• the number of audit recommendations, or subsequent parliamentary committee recommendations, agreed and implemented; and
• issues identified and rectified by the auditee during an audit. This almost always occurs whether it is a financial audit or a performance audit. The placing of a potential topic on the annual audit work program (AAWP), or the commencement of an audit, often leads to the audited entity undertaking actions to resolve known issues.

2.33 The fact that independent external audit exists, and the accompanying potential for scrutiny, improves performance. One indicator of this is the major difference in quality between the annually audited financial statements and the rarely audited non-financial performance information of entities (now presented in the form of annual performance statements). Australian Government entities largely produce high quality financial statements, which are rarely qualified with few significant audit findings.¹⁶ ANAO performance audits which consider non-financial performance information regularly find that they do not meet the relevant, reliable and complete principles¹⁷ as set out in the Department of Finance’s guidance.¹⁸

2.34 The impact of the ANAO’s ongoing scrutiny can be seen at both the individual program and whole-of-system levels. Several times a year, the ANAO also collates key learnings from audit reports in thematic publications called Audit Insights, which further facilitate improvements by communicating important lessons for the public sector to utilise.

Program improvements

2.35 Program-level improvements usually occur: in anticipation of ANAO audit activity; during an audit engagement as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

In anticipation of audit

2.36 The potential for scrutiny from the ANAO often motivates entities to conduct a review of their own performance. The ANAO’s AAWP plays a key role in driving improvement in the sector before audits formally commence.

2.37 The AAWP development process starts with an environmental scan to develop a comprehensive understanding of: areas of parliamentary interest; changes and trends in the Australian Government sector; and risks to the achievement of government and legislative objectives. This involves extensive analysis across all areas of government service delivery, policy development, and regulatory, compliance and corporate activity. The ANAO also looks at the delivery of large scale investments and procurements, major change programs, areas of significant citizen reliance, and large outflows of government funds.

2.38 Through this process, the ANAO determines areas of audit focus based on portfolio-specific risks and room for improvement identified in prior-year audits and other reviews, as well as emerging sector-wide risks from new investments, reforms or operating environment changes. Entities are consulted on the draft AAWP and invited to provide comments and feedback. This process engages entities in discussions of risk and risk management, and helps both the ANAO and the entities build an informed understanding of material risks within the portfolio.

2.39 As well as early engagement on entity risks, the ANAO flags potential audit topics months in advance by publishing the AAWP for the financial year in early July, outlining the planned audit coverage for the Australian Government sector.¹⁹ The AAWP therefore signals to entities that certain programs are considered higher risk by the ANAO and may require closer attention. It is not uncommon for entities to start an internal process to review the program flagged in the AAWP as a potential audit topic. In these cases, by the time an audit commences the entity may have self-identified some of the issues the audit will consider, and begun addressing these issues.

2.40 These review processes can help strengthen the entity’s governance and risk management frameworks by bringing to management’s attention issues and risks that may have been previously unrecognised or unmanaged. The process can also encourage entities to embed regular internal reviews as part of their project management practices.

2.41 Even where the entity has already reviewed the program that will be audited, the ANAO’s independent assurance plays a crucial role in ensuring transparency and accountability. There is a substantial difference between management-initiated internal reviews²⁰ and external audit. In the former, the management sets the terms of reference, controls access to information, potentially influences the methodology applied, and generally does not make the results available publicly. In contrast, an external audit by the ANAO has scope and methodology determined independently, is supported by extensive access powers, is made public through tabling in Parliament and is undertaken to assist Parliament to scrutinise the entity’s performance. In addition to greater transparency through public reporting to Parliament, the benefits of ANAO audit can include the following:

• where a review is ongoing at the time of audit, the ANAO can suggest areas of focus to realise the full benefit of the review process²¹;
• where the entity is addressing review findings at the time of audit, the ANAO can make suggestions to help strengthen its processes to fully implement the intent of recommendations made²²;
• where review recommendations have recently been implemented, the ANAO can provide assurance over the effectiveness of measures taken in response to review findings, such as whether relevant risks have been fully addressed²³; and
• ANAO audits can benchmark the entity’s performance against other Commonwealth entities or other jurisdictions, and draw out key lessons for the rest of the sector.²⁴

During audit engagement

2.42 For both financial and performance audits, the ANAO seeks to ensure communication throughout the audit process such that there are ‘no surprises’ in the final audit report.²⁵ This approach provides opportunities for entities to consider the audit findings during the course of the audit. As discussed above, entities will often begin to address issues as they emerge during the audit process. New evidence emerging from these actions is generally taken into consideration in compiling the final audit report.

2.43 Throughout the financial audit process, the ANAO undertakes regular meetings and liaises with the entity to deal promptly with any issues that may emerge. Findings raised during the interim audit phase (reported to Parliament in the Interim Report on Key Financial Controls of Major Entities) are often addressed by the final audit phase (reported to Parliament in Audits of the Financial Statements of Australian Government Entities), allowing the ANAO to downgrade or close the finding.

2.44 Performance audits also involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements²⁶;
• initiating reviews²⁷; and
• revising and updating policies or guidelines.²⁸

After the completion of audit

2.45 Through the tabling of audit reports, the ANAO reports to the Parliament on areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities improve performance.

2.46 As outlined above, tabling an agreed response to a recommendation in the Parliament comprises a formal commitment by the government or entity to the Parliament to implement the recommended action. The ANAO conducts follow-up performance audits to examine the implementation of agreed ANAO and parliamentary recommendations.²⁹ The role of parliamentary committees is also crucial in ensuring that entities are addressing the issues identified in the ANAO’s audit reports.

2.47 The JCPAA is required to review all reports that the ANAO tables in the Parliament and to report on the results of its deliberations to both houses of Parliament. The JCPAA tabled 29 reports from its inquiries from 2015–16 to 2019–20³⁰, examining 57 Auditor-General reports. Committee reports may contain recommendations of their own to government or relevant entities, such as to report back to the committee on progress on the implementation of recommendations. This ensures the Parliament maintains scrutiny over key areas of risk.

2.48 For example, Auditor-General Report No. 25 of 2014–15 Administration of the Fifth Community Pharmacy Agreement examined the effectiveness of the development and administration of the Fifth Community Pharmacy Agreement (5CPA). The report found shortcomings in important aspects of the Department of Health’s (Health) administration of the 5CPA, including in: the clarity of the 5CPA and related public reporting; record-keeping; the application of financial framework requirements; risk management; and seeking ministerial approvals. The report also concluded that Health was not in a position to assess the extent to which the agreement had met its key objectives, including achieving $1 billion in expected savings. The ANAO made eight recommendations aimed at improving the overall administration of the 5CPA and informing the development of the next community pharmacy agreement. Health agreed to all eight recommendations.

2.49 In June 2015, the JCPAA selected Report No. 25 for further review and scrutiny at public hearings. In its submission to the inquiry, Health stated that:

The themes and recommendations of the ANAO Report have been reflected in the 6CPA [Sixth Community Pharmacy Agreement], both in terms of the negotiation and agreement finalisation process, and in the 6CPA itself.³¹

2.50 Health outlined some of the actions taken in response to the ANAO’s recommendations, which included: applying the principle of value for money in the design of 6CPA; appointing a full-time senior probity and risk officer to support the negotiations; and implementing a mandatory requirement for all staff in the Pharmaceutical Benefits Division to undertake record-keeping and risk management training.

2.51 In response to one of the recommendations from JCPAA’s subsequent report³², the ANAO conducted a follow-up audit to examine Health’s implementation of the ANAO’s recommendations from Report No. 25 in the context of the negotiation and implementation of the 6CPA. The audit concluded that as at May 2016, six of the eight recommendations were fully implemented with Health completing the necessary actions in a timely manner. The remaining two recommendations were partially implemented. The audit report also noted that:

The various actions taken by Health in response to the Fifth Community Pharmacy Agreement audit recommendations have resulted in improved transparency of funding under the Sixth Community Pharmacy Agreement, better recordkeeping and contract management processes, and an enhanced financial and performance reporting framework.³³

System improvements

2.52 Through audit and related functions, the ANAO contributes to the development and implementation of whole-of-system reforms that seek to improve the utilisation and management of public resources across the public sector. Key areas of contribution include driving improvements in: public finance; performance; transparency and integrity; and compliance.

Improving public finance

2.53 The ANAO presents two reports to Parliament annually, addressing the outcomes of the financial statements audits of all Australian Government entities and the Consolidated Financial Statements of the Australian Government. The aim of the financial statements audit is to provide independent assurance that the entity’s financial statements are free from material misstatement, whether due to fraud or error, and that they have been prepared in accordance with the government’s financial reporting framework and Australian accounting standards.

2.54 The ANAO’s independent reports support the integrity and transparency of the public sector’s use of resources and provide assurance that the information about Commonwealth entities’ financial performance and position are free from material misstatement and presented fairly. The ANAO’s audit procedures include:

• assessing the effectiveness of management’s internal controls over financial reporting and legal compliance, where the ANAO intends to rely on the controls;
• examining, on a test basis, information to provide evidence supporting the amounts and disclosures in the financial statements; and
• assessing the appropriateness of the accounting policies and disclosures used, and the reasonableness of significant accounting estimates made by the accountable authority.

2.55 The audit procedures also extend to key aspects of legislative compliance, such as requirements relating to the appropriation of monies. The results of relevant performance audits are also considered in determining the auditor’s report on the financial statements.

2.56 The PGPA Act requires each reporting entity to include a copy of the financial statements and the auditor’s report in its annual report. Annual reports inform the Parliament, through the responsible minister, and other stakeholders about the performance of entities and assist the Parliament in its deliberations, including on whether, or at what level, to fund particular programs for delivery by an entity.

2.57 The existence of the ANAO’s mandatory annual financial statements audit program enforces good financial reporting practices. The importance of continuous external scrutiny is emphasised when comparing the overall high quality of financial statements to performance statements. Out of 1236 auditor’s reports issued on entity financial statements for financial years 2014–15 to 2018–19³⁴, only one auditor’s report was qualified³⁵ and 22 contained emphasis of matter paragraphs.³⁶ In comparison, three performance audits and one assurance audit of 14 entities’ performance statements from 2015–16 to 2019–20 have shown that none of the entities have fully met the objectives of performance reporting under the PGPA Act – to provide the Parliament and the public with meaningful information, including by establishing performance measures that are relevant, reliable and complete. An ongoing program of assurance audits of annual performance statements of Commonwealth entities is being piloted.³⁷

2.58 The ANAO’s assurance work also helps entities identify and manage risks to quality financial management. The ANAO directs audit effort to areas most expected to contain risks of material misstatement, whether due to fraud or error, with correspondingly less effort directed at other areas. Risks may arise due to the nature of, or changes in, the entity’s business environment and business and accounting processes, including information technology. Sources of risk include changes in the entity’s functions or objectives, complexity, financial market volatility, global uncertainty, or changes in legislation or the financial reporting framework. The preparation of timely and accurate audited financial statements is an important indicator of the effectiveness of an entity’s financial management, which fosters confidence in the entity on the part of users.

2.59 In its report tabled in Parliament in around December each year, the ANAO analyses the balance sheet positions of material Australian Government entities. The balance sheet lists the entities’ assets and liabilities and is an important measure of its financial position at a point in time. As the National Commission of Audit reported in 2014:

It is the position of the Commonwealth balance sheet which heavily influences credit ratings and borrowing costs and is an important indicator of short term fiscal sustainability and the government’s ability to respond to economic shocks. The balance sheet also reflects the debt that must be repaid by future generations.

A greater focus on the balance sheet position would be beneficial as it would broaden the debate on fiscal policy which can often be fixated on which year a government returns to surplus. For instance, following the global financial crisis, the primary public focus was on whether the Budget would return to surplus while substantial increases in deficits in 2010–11 and 2011–12 which resulted in significant balance sheet deterioration were largely overlooked.

A balance sheet focus would also provide impetus for better asset management. The responsibility for managing assets and liabilities on a day-to-day basis has been devolved to individual agencies. Sound asset management suggests that governments should adequately fund upfront expenditure on assets, but also ongoing capital maintenance and operating costs.³⁸

2.60 All entities are expected to actively manage their underlying financial position, maintain asset levels to support their operations and ensure that sufficient funds will be available to meet liabilities as they fall due. The ANAO’s balance sheet focus assists the Parliament in determining which entities are most likely to require additional funding in the future.

Improving performance

2.61 As well as driving program-level improvements, the ANAO’s audit activities help improve public sector performance on a more systemic level. In certain areas of strong parliamentary interest or high risk, the ANAO undertakes a rolling series of audits to ensure continuing scrutiny of the relevant activities across the sector.

2.62 In recent years, the implementation of the resource management framework introduced by the PGPA Act and related PGPA Rule 2014 has been a focus of ANAO audit work programs. This framework introduced system-wide planning and performance reporting requirements and strengthens the accountabilities of accountable authorities of Commonwealth entities and companies for measuring and reporting on their performance to Parliament. The JCPAA played a key role in the development of the framework and it has continued to be a focus of the Committee’s work.³⁹

2.63 To date, the ANAO has conducted: three audits of corporate planning⁴⁰; three audits of annual performance statements⁴¹; one audit on the clear read across the Commonwealth resource management framework as a whole⁴²; and commenced a program of pilot assurance audits of annual performance statements of Commonwealth entities.⁴³ These audits were identified by the JCPAA as priorities of the Parliament and have found major issues with the appropriateness of performance reporting.

2.64 Appropriate and timely performance information strengthens accountability by informing the Parliament and the government about the impact of public sector entities’ activities relative to government objectives. It also assists entities to manage activities for which they are responsible and provides a basis for advice to government.

2.65 Progress in achieving the improvement in the performance framework over the seven years since its implementation has been disappointing, more so given that the framework built on a previous one that had similar elements and aspirations. The ANAO’s continuing focus in this area is expected to assist in keeping the Parliament, the government, and the public informed on implementation of the framework and to provide insights to entities to encourage improved accountability and transparency of performance.

2.66 Another key requirement under the PGPA Act is the duty of accountable authorities in relation to governing the entity for which they are responsible.⁴⁴ Governance involves putting appropriate systems and processes in place that shape, enable and oversee the management of an organisation. Reflecting its importance, governance is the most frequently audited activity by the ANAO.⁴⁵ It was also the subject of a series of audits in 2019 that assessed whether the boards of four corporate Commonwealth entities had established effective arrangements to comply with selected legislative and policy requirements, and adopted practices that support effective governance.⁴⁶

2.67 Key observations from this audit series were included in an edition of Audit Insights to assist Commonwealth boards and others with an interest in board governance arrangements in Commonwealth entities. The first report in this series also included a recommendation that the Department of Finance update its guidance to accountable authorities on their governance responsibilities, having regard to the key insights and messages for accountable authorities identified in recent inquiries and reviews. Finance agreed to the recommendation.

2.68 Policy development is another area of activity audited by the ANAO which has recently become a focus.⁴⁷ The public sector plays a key role in the development of public policy, including through providing quality advice to the government. Although the ANAO does not routinely comment on the merits of government policies, audits often examine whether the policy design process was informed by a strong evidence base and sound analysis, and whether the advice provided to government was timely, objective and impartial.⁴⁸ Audits also comment on the importance of record-keeping. Sufficient records should be created and retained to demonstrate the basis on which key policy design and implementation decisions were taken.⁴⁹

2.69 The ANAO also conducts continuing programs of audits on major areas of public investment, including in:

• defence capability – for example, the ANAO initiated a series of audits on the Future Submarine program to provide assurance on progress, due to the program’s cost, longevity and risk⁵⁰;
• large-scale infrastructure such as the National Broadband Network⁵¹;
• grants programs⁵²;
• major procurement activities⁵³;
• significant service delivery programs, such as the National Disability Insurance Scheme (NDIS)⁵⁴;
• programs targeting Indigenous Australians⁵⁵; and
• the government’s response to COVID-19.⁵⁶

2.70 As well as ensuring that entities responsible for the delivery of significant government-funded programs are adequately scrutinised and accountable for their performance throughout program implementation, these audits provide recommendations and insights for system-wide improvements.

Improving transparency and integrity

2.71 The ANAO contributes to improved transparency and integrity in the public sector through audit and assurance activities, as well as corporate disclosures.

2.72 It is the role of the Auditor-General to provide independent, accurate and complete information to the Parliament to promote accountability and transparency in the public sector. The annual Major Projects Report (MPR) is a good example of an ANAO assurance activity intended to improve the accountability and transparency of significant government activity for the benefit of Parliament and other stakeholders. The MPR includes a Priority Assurance Review⁵⁷ undertaken by the ANAO, at the request of the JCPAA, of material prepared by Defence related to major Defence equipment acquisition projects. The projects reviewed in the MPR represent a selection of the most significant projects managed by Defence, with a total approved budget of approximately $64.1 billion in 2018–19. Their high cost and contribution to national security, and the challenges involved in completing them within the specified budget and schedule, and to the required capability, make Defence major projects a subject of continuing parliamentary and public interest.

2.73 The ANAO also raises transparency issues in the public sector from a corporate reporting perspective. In Auditor-General Report No. 33 of 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016, observations were made about the level of transparency of remuneration for key management personnel in the public sector, noting that the requirements for listed companies under the Corporations Act 2001 provided more detailed disclosures of individual key management personnel remuneration than disclosures of Australian Government entities.⁵⁸ The report stated that there would be benefit in government considering making the aggregate level of transparency for key management personnel remuneration in the public sector consistent with that required for listed entities.

2.74 In a subsequent inquiry into Report No. 33, the JCPAA recommended in Report 463 that the Department of Finance:

• re-establish a formal requirement for disclosure of senior executive remuneration by Commonwealth entities (including, without limitation, Government Business Enterprises), with this requirement to be duly reflected in the relevant legislation and guidance; and
• ensure that the relevant disclosure is published in entity annual reports.⁵⁹

2.75 This was followed by a recommendation in the Independent Review into the operation of the Public Governance, Performance and Accountability Act 2013 and Rule to increase disclosures of remuneration paid to executives and highly paid staff.⁶⁰ In response, the Minister for Finance amended the Public Governance, Performance and Accountability Rule 2014 to require Commonwealth entities to make remuneration disclosures for key management personnel, senior executives and other highly paid staff in annual reports. The first additional disclosures were made in entities’ 2018–19 annual reports and were reviewed by the ANAO in Auditor-General Report No. 20 of 2019–20 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019.⁶¹

2.76 Another area of corporate disclosure the ANAO has influenced is the reporting of gifts and benefits in the public service. The ANAO reviewed entities’ gifts and benefits policies in Auditor-General Report No. 47 of 2017–18 Interim Report on Key Financial Controls of Major Entities. The ANAO noted that there would be merit in the development of a whole-of-government gifts and benefits policy setting the minimum requirements for entities to include within their policies, to promote good practice across Commonwealth entities.⁶² A gifts and benefits policy incorporating regular review and monitoring increases accountability, while transparency would be enhanced through the publication of entity gifts and benefits registers on the internet. The maintenance of a central register may assist entities in meeting accountability and transparency obligations.

2.77 In October 2019, the Australian Public Service Commission (APSC) produced new guidance relating to gifts and benefits, directing agency heads to:

• create and keep a register of gifts and benefits accepted;
• update their register of all gifts and benefits accepted with a value of more than AU$100.00 (excluding GST), within 28 days of receiving the gift or benefit; and
• publish on their agency’s website the register of gifts and benefits accepted where the value of the gift or benefit exceeds AU$100.00 (excluding GST) on a quarterly basis.

Improving compliance

2.78 The ANAO conducts a number of audits focusing on entities’ compliance with key legislative or policy frameworks in order to ensure continuing observance of mandatory requirements.

2.79 Cyber resilience and compliance with mandatory IT security policies has been a key program of audit in recent years. In addition to IT controls assessment performed as part of the financial statements audit, the ANAO also reviews information systems and related controls as part of its program of performance audits. Since 2013–14, the ANAO has conducted five performance audits to assess the controls over cyber security for 17 different government entities.⁶³

2.80 The first three of these audits assessed both IT general controls and the selected entities’ implementation of the mandatory Strategies to Mitigate Targeted Cyber Intrusions (commonly known as the Top Four mitigation strategies) in the Australian Government Information Security Manual (ISM)⁶⁴, which are required by the Protective Security Policy Framework (PSPF). These controls have been mandatory for non-corporate Commonwealth entities since July 2014. The fourth audit was extended to also review implementation of the four non-mandatory strategies that make up the Essential Eight.⁶⁵ The fifth audit assessed the effectiveness of the management of cyber security risks by three Government Business Enterprises or corporate Commonwealth entities. A sixth audit on cyber security strategies of nine non-corporate Commonwealth entities to meet mandatory requirements under the PSPF is in progress and due to table in late 2020. The Interim Report on Key Financial Controls of Major Entities published in May 2020⁶⁶ also considered cyber security in the context of financial report preparation.

2.81 These audits found that compliance with mandatory requirements of information security continued to be low. The 2018 Cyber Resilience audit found that low levels of compliance were driven by entities not adopting a risk-based approach to prioritise improvements to cyber security, and cyber security investments being focused on short-term operational needs rather than long-term strategic objectives. The ANAO has made recommendations aimed at improving the cyber security framework which were agreed by the relevant policy agencies, the implementation of which will be reviewed in the sixth cyber security audit.⁶⁷ As part of its audit processes, the ANAO developed a list of behaviours and practices that may improve the level of cyber resilience in an entity.⁶⁸ The ANAO has also prepared an Audit Insights publication on conclusions drawn from its audit work in this area.⁶⁹

2.82 Other compliance audits include those focusing on whether procurement and grant activities follow the Commonwealth’s procurement and grant frameworks. The Commonwealth Procurement Rules (CPRs) and the Commonwealth Grant Rules and Guidelines (CGRGs), issued by the Minister for Finance, contain both mandatory requirements and good practice to assist agencies. While the requirements under these frameworks generally only apply to non-corporate entities, audits indicate that boards of corporate entities regularly include them in their internal frameworks as they represent good practice. Given that most corporate entities are responsible for public resources it is often unclear why these frameworks are not mandated more broadly.

2.83 Achieving value for money is the core rule of the CPRs. To achieve value for money, procurements should:

• encourage competition and be non-discriminatory;
• use public resources in an efficient, effective, economical and ethical manner that is not inconsistent with the policies of the Commonwealth;
• facilitate accountable and transparent decision making;
• encourage appropriate engagement with risk; and
• be commensurate with the scale and scope of the business requirement.⁷⁰

2.84 ANAO audits into procurement have found that entities can generate significant value from having an understanding of the market, the industry providing the goods or services and the product being purchased. Entities that understood their market were better able to scope their service or product needs, were more aware of the options available and could better provide assurance of best value for money being delivered – demonstrating compliance with the CPRs.⁷¹

2.85 The ANAO has observed that the introduction of the CGRGs has led to some important improvements in the standard of grants administration. For example, it is now common for program guidelines to be in place and for those guidelines to include clear eligibility and merit assessment criteria. The establishment of the CGRGs has also meant that entities have clear minimum briefing standards they must meet when advising Ministers on the award of grant funding and (through the GrantConnect website) there is a consistent standard of public reporting on the award of grant funding once a funding agreement has been signed.

2.86 Performance audits of grants administration have nevertheless continued to identify significant shortcomings in the design and administration of grants programs. This has most particularly been the case in relation to the processes by which applications for funding have been assessed and funding decisions made.⁷²

Audit Insights

2.87 The ANAO adopts a range of communication practices to strengthen the impact of its work and facilitate the sharing of audit insights. This has included the publication of Better Practice Guides on aspects of Commonwealth administration, for the information of Australian Government entities.

2.88 The 2015 Independent Review of Whole-of-Government Internal Regulation recommended that the ANAO review whether there is a continuing need to develop and maintain separate guidance material, where regulators and policy owners have developed or are developing policy guidance material. This recommendation reflected the risk that entities would treat Better Practice Guides from the ANAO as being the minimum expectation for any subsequent audits. This also posed independence risks as the ANAO would be auditing against the expectations set in its own publication. Following consultation with the Parliament and across government, the ANAO discontinued the publication and distribution of Better Practice Guides from 1 July 2017.⁷³

2.89 There remains, however, an opportunity for the ANAO to share its unique insights into good practice in public administration across the sector. In 2017–18, the ANAO developed Audit Insights, a new product which identifies and discusses common recurring issues, shortcomings and good practice examples, identified through the ANAO’s financial statement and performance audit work. The objective of Audit Insights is consistent with the ANAO’s purpose, to contribute to improved public sector performance.

2.90 To date, there have been 16 editions of Audit Insights, covering a variety of key learnings such as cyber resilience, the effectiveness of governance boards in corporate Commonwealth entities, and the management of conflicts of interest. Recently, Audit Insights have transitioned from summaries of lessons learned from audits tabled over the quarter, towards a more tailored, topic specific selection of themes using source information from a range of relevant audits. This ensures that the ANAO can better target its audience, and that each edition of Audit Insights is a relevant and contemporary product that addresses the emerging risks in the sector.

2.91 The ANAO published an Audit Insights edition on 16 April 2020 that outlines key messages from Auditor-General reports which have examined the rapid implementation of government initiatives. The focus is on key lessons learned from audits of past activities, which are likely to have wider applicability to the APS as it supports the national COVID-19 pandemic response.

Background

Performance audit

3.6 The ANAO’s performance audit activities involve the independent and objective assessment of all or part of an entity’s operations and administrative support systems. Performance audits may involve multiple entities and examine common aspects of administration or the joint administration of a program or service.

3.7 The Auditor-General Act 1997 (the Act) authorises the Auditor-General to conduct performance audits, assurance reviews or audits of the performance measures of Commonwealth entities, Commonwealth companies and their subsidiaries. The Act also authorises the Auditor-General to conduct a performance audit of a Commonwealth partner. Audits of Commonwealth partners that are part of, or controlled by, state or territory governments, must be requested by the responsible minister or the Joint Committee of Public Accounts and Audit (JCPAA). Audits of Commonwealth Government Business Enterprises (GBEs) must be requested by the JCPAA. The Act enables the Auditor-General to propose that the JCPAA make such a request.

3.8 Through this activity, the ANAO reports to the Parliament on the performance of executive government and areas where improvements can be made to aspects of public administration, and makes specific recommendations to assist public sector entities to improve performance. The audits can include consideration of:

• economy (minimising cost);
• efficiency (maximising the ratio of outputs to inputs);
• effectiveness (the extent to which intended outcomes were achieved);
• ethics (acquitting responsibilities with integrity, in accordance with the intent of the legislative or policy framework); and
• legislative and policy compliance.

3.9 Performance audit reports are tabled in Parliament as soon as practicable after completion and published on the ANAO website on the day of tabling. Performance audits that are in-progress are listed on the performance audits in-progress page.

About the chapter

3.10 This chapter examines the results of 229 performance audits tabled by the ANAO from 2015–16 to 2019–20. Across these reports, the ANAO made 618 recommendations to audited entities and the Australian Government.

3.11 Through this analysis, the chapter provides an overview of the public sector’s performance over the five years, across various metrics captured through performance audits. The analysis highlights the public sector’s strengths, as well as areas of weaknesses that would benefit from greater focus in future years.

3.12 The first part of the chapter analyses performance of audited entities as determined by the audit conclusion. During the performance audit process, the ANAO gathers and analyses the evidence necessary to draw a conclusion on the audit objective. For the purpose of this analysis, audit conclusions were sorted into four categories:

• unqualified;
• qualified (largely positive);
• qualified (partially positive); and
• adverse.

3.13 An example of these conclusions in the context of an audit examining an entity’s effectiveness would be: fully effective; largely effective; partially effective; and ineffective. In this chapter, ‘unqualified’ and ‘qualified (largely positive)’ conclusions are considered positive conclusions while ‘qualified (partially positive)’ and ‘adverse’ conclusions are deemed negative conclusions.

3.14 These conclusion categories from the 229 performance audits were examined against four variables:

• primary activity being examined;
• portfolio of the audited entity⁷⁴;
• objective of the audit; and
• stage of delivery of the activity.

3.15 The second part of the chapter examines audited entities’ responses to the recommendations made in performance audit reports, namely:

• the number of recommendations received by portfolio;
• whether an entity has agreed to audit recommendations; and
• whether an entity has implemented agreed recommendations.

3.16 The entities examined in this chapter were grouped in accordance with the ANAO’s 2019–20 annual audit work program (AAWP) portfolio classification. This means, for instance, that the Australian Taxation Office (ATO) is analysed separately to the rest of the Treasury portfolio. The analysis also reflects the portfolio structure prior to the machinery of government changes announced in December 2019 and implemented in February 2020.⁷⁵

Analysis of performance audit conclusions

3.17 Of the 229 performance audits examined, 12.3 per cent were unqualified, 41.5 per cent were qualified (largely positive), 37.4 per cent were qualified (partially positive) and 8.9 per cent were adverse. Given the risk-based approach of audit process and selection, the fact that 53.8 per cent of audit conclusions are largely positive or better could be seen as a positive indicator of the overall effectiveness of the public sector.

Analysis by activity

3.18 To ensure appropriate coverage of portfolio responsibilities, the ANAO considers proposed audit topics against a range of key public administration activities. The activity categories are:

• asset management and sustainment;
• grants administration;
• governance;
• policy development;
• procurement;
• regulatory; and
• service delivery.

3.19 Table 3.1 below shows the breakdown of audit coverage from 2015–16 to 2019–20 by using the major activity category for each audit (many audits relate to more than one activity category). Governance is the most common activity audited (41.9 per cent).⁷⁶ This is followed by service delivery (20.1 per cent). Policy development is the least common activity the ANAO has audited over the past five years (3.1 per cent).

Table 3.1: Audit coverage across activities, 2015–16 to 2019–20

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Activity by portfolio

3.20 Figure 3.1 breaks down the audits conducted in each portfolio⁷⁷ by activity. The spread of audits reflects the distinct roles and responsibilities of each portfolio and their associated risk areas. Governance is critical to all entities and has been the focus of the highest proportion of audits undertaken in every portfolio, with the exception of:

• Services Australia and Social Services, where service delivery is the predominant activity; and
• Infrastructure, Transport, Cities and Regional Development (Infrastructure), where procurement is the equally dominant activity to governance.

3.21 Only one portfolio, Infrastructure, has not had an audit focused on service delivery activity.

3.22 Asset management and sustainment audits have been conducted in six portfolios: Defence; Veterans’ Affairs; Communications and the Arts; Home Affairs; Industry, Innovation and Science; and Infrastructure. Procurement audits are more common in the Infrastructure, Defence and Finance portfolios, while regulatory activities are more frequently audited in the Treasury, Attorney-General’s, Environment and Energy portfolios, and the ATO.

Figure 3.1: Activity breakdown by portfolio

 

 

Note a: The Parliamentary Departments portfolio has been excluded from this analysis, as it was only audited once over the five years (Auditor-General Report No. 19 of 2016–17 Managing Contracts at Parliament House).

Source: ANAO analysis of performance audits tabled in 2015–16 to 2019–20.

3.23 Table 3.2 breaks down the number of audits of each activity across portfolios. This enables an analysis of which activities are more commonly audited in each portfolio.

3.24 For example, 54 per cent of audits on asset management and sustainment have been conducted in Defence. Twenty per cent of policy development audits were in the Social Services portfolio, and 31 per cent of procurement audits were in Infrastructure, followed by Defence at 25 per cent. Governance audits are more evenly spread across the portfolios, from 10 per cent in Health to three per cent in Veterans’ Affairs.

Table 3.2: Breakdown of audits of each activity across portfolios

Note a: The Parliamentary Departments portfolio has been excluded from this analysis, as it was only audited once over the five years (Auditor-General Report No. 19 of 2016–17 Managing Contracts at Parliament House).

Note b: Percentages may not total 100 due to rounding.

Source: ANAO analysis of performance audits tabled in 2015–16 to 2019–20.

Audit conclusion by activity

3.25 Figure 3.2 analyses the spread of audit conclusion categories across the activities. Entities examined in audits of procurement have the highest proportion of negative conclusions and the lowest proportion of positive conclusions, with less than 15 per cent of audit conclusions categorised as unqualified or largely positive. In contrast, over 93 per cent of entities examined in policy development audits received a positive conclusion.

3.26 The ANAO performed a regression analysis⁷⁸ on the performance audit dataset to determine whether these results were statistically significant – that is, whether the activities audited were a predictor of certain audit conclusion categories. The regression analysis confirmed that two audited activities (procurement and policy development) had a statistically significant and independent impact on audit conclusions. If an entity is audited for its procurement activity, the audit conclusion is more likely to be negative, while an entity audited for policy development is more likely to receive a positive audit conclusion.

3.27 All other variables, including other activities, were found to not have a statistically significant impact on the category of audit conclusions.

3.28 The regression analysis indicates that while entities are generally adept at policy development, procurement remains a key government activity requiring further effort across the public sector. Audits examining procurement practices in the public sector have drawn attention to the benefits of using competitive procurement processes to demonstrably obtain value for money, as well as the importance of managing probity and other risks. Understanding the market, the options available and its ability to satisfy the procurement need over the product or service life cycle is necessary to ensure that value for taxpayers’ money is maximised.⁷⁹

Figure 3.2: Audit conclusion by activity

 

 

Note a: Auditor-General Report No. 6 of 2018–19 Army’s Protected Mobility Vehicle – Light has been excluded from this analysis, as the audit conclusion was omitted under paragraph 37(1)(b) of the Auditor-General Act.

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

3.29 Although determined not to be a statistically significant factor under regression analysis, regulatory activity is the other category in which the proportion of unqualified or largely positive conclusions fall under 50 per cent. Sound regulatory administration is risk-based and should generally be proportionate to the risk of non-compliance or regulatory failure. Adopting a risk-based approach can assist a regulator in minimising compliance costs for regulated entities, streamlining interaction between them and regulated entities, and enhancing the benefits derived for the community. Decisions made in administering regulation should be objective and made without undue bias and in the absence of conflicts of interest.⁸⁰

3.30 Excluding policy development, grants administration has the lowest proportion of negative conclusions and the highest proportion of unqualified or largely positive conclusions. The grants policy framework promotes transparent, accountable and cost-effective grants administration through a combination of legislative and policy requirements and associated guidance material. Audits of grant programs have highlighted that selecting grant applications that demonstrably satisfy well-constructed selection criteria is considerably more likely to lead to a positive result in terms of achieving program objectives, as well as being more efficient for entities to administer.⁸¹

Analysis by portfolio

3.31 In developing its AAWP, the ANAO considers the need to provide a balanced program of activity that is informed by risk and promotes accountability, transparency and improvements to public administration. Figure 3.3 shows the spread of audits across portfolios over the five years from 2015–16 to 2019–20.

3.32 As outlined in paragraph 3.16, the entities examined in this analysis were grouped in accordance with the ANAO’s 2019–20 AAWP portfolio classification. The analysis also reflects the portfolio structure prior to the machinery of government changes announced in December 2019 and implemented in February 2020.⁸²

Figure 3.3: Performance audit portfolio coverage, 2015–16 to 2019–20

 

 

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

3.33 Defence is the ANAO’s most audited portfolio, which is consistent with the importance and complexity of its role, its large budget, and the various associated risks that arise from its activities. Home Affairs, Infrastructure and Health are the next most audited portfolios.

Average of conclusions by portfolio

3.34 Figure 3.4 summarises the conclusion categories received by each portfolio from performance audits published from 2015–16 to 2019–20, ordered by the proportion of positive audit conclusions (unqualified and largely positive).

Figure 3.4: Audit conclusion by portfolio, 2015–16 to 2019–20

 

 

Note a: Auditor-General Report No. 6 of 2018–19 Army’s Protected Mobility Vehicle – Light has been excluded from this analysis, as the audit conclusion was omitted under paragraph 37(1)(b) of the Auditor-General Act.

Note b: The Parliamentary Departments portfolio has been excluded from this analysis, as it was only audited once over the five years (Auditor-General Report No. 19 of 2016–17 Managing Contracts at Parliament House).

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

3.35 Although no portfolio was found to have a statistically significant impact on the category of audit conclusion, Figure 3.4 shows that, overall, the audits in the Prime Minister and Cabinet (Indigenous) category have received the highest proportion of ‘negative’ conclusions, followed by audits in the Infrastructure portfolio. In terms of adverse conclusions, the Environment and Energy portfolio has recorded the highest proportion, followed closely by the Home Affairs portfolio. Two portfolios – Environment and Energy, and Infrastructure – have had no audits with unqualified conclusions.

3.36 The Foreign Affairs and Trade portfolio has the highest proportion of positive conclusions, with over 90 per cent of audit conclusions in that portfolio over the five years comprising of unqualified and largely positive conclusions.

3.37 The four audit conclusion categories were assigned a score on a four-point scale (‘unqualified’ with a score of 4 to ‘adverse’ with a score of 1). Figure 3.5 below shows the average score based on audit conclusions by portfolio.

Figure 3.5: Average score based on audit conclusions by portfolio, 2015–16 to 2019–20

 

 

Note a: Auditor-General Report No. 6 of 2018–19 Army’s Protected Mobility Vehicle – Light has been excluded from this analysis, as the audit conclusion was omitted under paragraph 37(1)(b) of the Auditor-General Act.

Note b: The Parliamentary Departments portfolio has been excluded from this analysis, as it was only audited once over the five years (Auditor-General Report No. 19 of 2016–17 Managing Contracts at Parliament House).

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

3.38 Figure 3.5 shows that based on the average score of the audit conclusions they received, the Infrastructure, Home Affairs and Prime Minister and Cabinet (Indigenous) are the three lowest scoring portfolios, while Foreign Affairs and Trade, Communications and the Arts, and the ATO are the three highest scoring portfolios.

3.39 The average score across all portfolios was 2.6. Eleven portfolios fell below this average. None of the portfolios fell below the average score of 2, based on the audit conclusions they received.

Analysis by objective

3.40 Subsection 15(1) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) provides that the accountable authority of a Commonwealth entity must govern the entity in a way that promotes the proper use and management of public resources. The PGPA Act defines ‘proper’ as efficient, effective, economical and ethical. Entities are also obliged to comply with relevant legislative requirements, and for non-corporate Commonwealth entities, operate in a way that is not inconsistent with the policies of the Australian Government.

3.41 In consideration of the obligations set out under the PGPA Act, each performance audit makes a conclusion on whether the entity achieved the objective of being efficient, effective, economical and/or ethical in its implementation of the program or activity under examination.

3.42 The analysis in this section is based on a categorisation of audits by the primary objective examined. Audits may involve an examination of elements of other objectives which are not captured in this analysis.

3.43 Table 3.3 shows that effectiveness is the most common objective examined by the ANAO in its performance audits (84.7 per cent). The ANAO is focused on assessing all aspects of the proper use of resources and has in recent years expanded effort towards conducting performance audits of efficiency. In future years, the ANAO will focus on designing an appropriate audit framework to more fully examine ethics.⁸³

Table 3.3: Audit coverage analysed by objective of ANAO review

Note a: Percentages may not total 100 due to rounding.

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Objective by portfolio

3.44 Figure 3.6 breaks down performance audit coverage of objectives by portfolio. Economy, which aims to minimise cost, is most commonly audited in portfolios where procurement audits are more frequent: Infrastructure, Finance and Defence (see Figure 3.1). All audits conducted over the five years in three portfolios – ATO, Prime Minister and Cabinet (PM&C) and PM&C (Indigenous) – primarily examined effectiveness. Ethics was examined in one cross-entity audit within the Agriculture portfolio⁸⁴ and in a series of audits examining fraud management in the departments of Foreign Affairs and Trade, Home Affairs and Social Services.⁸⁵

Figure 3.6: Audit objective — breakdown by portfolio

 

 

Note a: The Parliamentary Departments portfolio has been excluded from this analysis, as it was only audited once over the five years (Auditor-General Report No. 19 of 2016–17 Managing Contracts at Parliament House).

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Audit conclusion by objective

3.45 For performance audit reports published from 2015–16 to 2019–20, the ANAO analysed the spread of audit conclusions for each audited entity against the four categories of objective (economy, effectiveness, efficiency and ethics). Although no objective was found to have a statistically significant impact on the category of audit conclusion, efficiency audits show the lowest proportion of negative conclusions (35 per cent). In contrast, over 70 per cent of economy audits have received negative conclusions. The results of this analysis are summarised in Figure 3.7.

Figure 3.7: Audit conclusion analysed by objective of ANAO review

 

 

Note a: Auditor-General Report No. 6 of 2018–19 Army’s Protected Mobility Vehicle – Light has been excluded from this analysis, as the audit conclusion was omitted under paragraph 37(1)(b) of the Auditor-General Act.

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Analysis by stage of delivery

3.46 Australian Government programs and activities present a variety of risk profiles related to their stage of maturity. The ANAO seeks to provide assurance over a range of programs and activities across different stages of implementation maturity. Audits of programs in the design, standing up and early delivery phases enable insights to be made that assist implementation and delivery. Audits of programs at the mature delivery and after completion stage aim to provide findings directed towards assurance, evidence collection, lessons learned for future programs, and delivery of objectives.

3.47 Table 3.4 shows that the majority of performance audits tabled from 2015–16 to 2019–20 examined the mature delivery stage of implementation (60.3 per cent).

Table 3.4: Audit coverage analysed by stage of delivery

Note a: Percentages may not total 100 due to rounding.

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Stage of delivery by portfolio

3.48 Figure 3.8 shows the ANAO’s coverage of stages of delivery across the portfolios.⁸⁶ The mature delivery phase is the most commonly audited stage of delivery in all portfolios. The design phase has been audited most frequently in the PM&C portfolio.

3.49 The Indigenous audits represent the highest proportion of early delivery audits, and the Employment, Skills, Small and Family Business (Employment) portfolio has seen the highest proportion of audits examining the after completion phase.

Figure 3.8: Stage of delivery — breakdown by portfolio

 

 

Note a: The Parliamentary Departments portfolio has been excluded from this analysis, as it was only audited once over the five years (Auditor-General Report No. 19 of 2016–17 Managing Contracts at Parliament House).

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Audit conclusion by stage of delivery

3.50 The ANAO’s analysis of audit conclusions by stage of delivery is provided in Figure 3.9. Although no stage of delivery was found to have a statistically significant impact on the category of audit conclusion, standing up phase of delivery had the highest proportion of negative conclusions, with just over 50 per cent of entities examined in this phase receiving a negative conclusion.

3.51 The design phase had the highest proportion of unqualified and largely positive conclusions. No entity audited in the design phase received an adverse conclusion in the five years examined.

Figure 3.9: Audit conclusion analysed by stage of delivery

 

 

Note a: Auditor-General Report No. 6 of 2018–19 Army’s Protected Mobility Vehicle – Light has been excluded from this analysis, as the audit conclusion was omitted under paragraph 37(1)(b) of the Auditor-General Act.

Source: ANAO analysis of performance audit reports published 2015–16 to 2019–20.

Analysis of entity responses to recommendations

Number of ANAO recommendations

3.52 Through its performance audits, the ANAO identifies areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities to improve their program management.

3.53 From 2015–16 to 2019–20, the ANAO made 618 recommendations across 206 performance audits⁸⁷, of which 553 were agreed to by entities without qualification. Table 3.5 shows the number of recommendations made and agreed to by financial year.

Table 3.5: Number of recommendations made by ANAO and agreed to by entities

Source: ANAO analysis of performance audits tabled from 2015–16 to 2019–20.

3.54 Figure 3.10 provides a breakdown of recommendations made by the ANAO on a portfolio basis. The Home Affairs portfolio received the highest number of recommendations, followed by the Environment and Energy portfolio.

Figure 3.10: Number of ANAO recommendations received by portfolio

 

 

Source: ANAO analysis of performance audits tabled from 2015–16 to 2019–20.

Entity agreement to recommendations

3.55 Under section 19 of the Auditor-General Act 1997, the ANAO provides a copy of the draft performance audit report to entities before the finalisation of the report, including any proposed recommendations. Entity responses to recommendations are reproduced in the body of the final audit report. As the entity’s response is, in effect, a response to Parliament on its view of the recommendation, it is expected that the response should indicate whether the entity agrees or disagrees with each recommendation and the actions it intends to take in response to each recommendation.⁸⁸

3.56 The ANAO’s regular engagement with entities during the audit process means they are aware of the issues raised. Disagreement with recommendations is therefore rare, as the auditors and entities work through issues before finalisation of the audit report.

3.57 ANAO performance audit reports and entity responses to recommendations are tabled in Parliament. Tabling an agreed response to a recommendation in the Parliament formalises government or entity commitment to the Parliament to implement it.

3.58 This section analyses the rate of entities’ agreement to ANAO recommendations. The four categories for assessing agreement to recommendations are:

• fully agreed;
• agreed with some qualification (including partly agree and agree in principle);
• noted or no response; and
• disagreed.

3.59 Figure 3.11 compares the number of recommendations received and the number of recommendations fully agreed to, on a portfolio basis.⁸⁹ Only three portfolios — Education, Employment and Veterans’ Affairs — have fully agreed to all ANAO recommendations over the five years.

3.60 Although the Finance portfolio shows the greatest discrepancy between the number of recommendations received and those fully agreed to, this is partly due to the fact that ANAO recommendations directed at amending government rules or policies tend to be noted by the Department of Finance on the basis that legislative and policy matters require government consideration.⁹⁰

Figure 3.11: Recommendations received and fully agreed to — by portfolio

 

 

Source: ANAO analysis of performance audits tabled from 2015–16 to 2019–20.

3.61 Figure 3.12 compares entity responses to ANAO recommendations by financial year. The vast majority of recommendations are fully agreed to every year. In 2019–20, there has been a decrease in qualified agreements, but an increase in entities noting or not responding to recommendations. The ANAO generally views noting recommendations as equivalent to disagreeing. That is, no commitment is made by the entity to implement any change to the area of deficiency identified through the audit process.

Figure 3.12: Entity responses to recommendations — by financial year

 

 

Source: ANAO analysis of performance audits tabled from 2015–16 to 2019–20.

Implementation of recommendations

3.62 Partly in response to growing parliamentary interest⁹¹, the ANAO established a program of work to examine the performance of Australian Government entities in relation to implementing audit and parliamentary recommendations. The adequate and timely implementation of agreed recommendations is an important element of realising the full benefit of those recommendations, serves to demonstrate an entity’s commitment to improving public administration and recognises its accountability to Parliament for following through on its commitments.

3.63 Past audits indicate that strong oversight, including regular reviews by the entities’ audit committees, is critical in the successful implementation of recommendations.⁹² Accountable authorities and entities’ audit committees should ensure agreed recommendations are implemented in a timely manner and closed off thoughtfully, after fully addressing the areas of risk raised by the recommendations.

3.64 The following analysis is based on the findings of follow-up audits tabled in 2015–16 to 2019–20 that examined the implementation of ANAO recommendations. There were 15 follow-up audits tabled, examining the status of 113 ANAO recommendations across 11 portfolios.⁹³

3.65 The three categories used to assess entity implementation of ANAO recommendations are:

• implemented;
• partially implemented (including in-progress); and
• not implemented.

3.66 Table 3.6 shows the status of implementation activity against these categories at the time that follow-up audits were undertaken.

Table 3.6: Implementation of ANAO recommendations

Source: ANAO analysis of follow-up audits tabled in 2015–16 to 2019–20. This analysis reflects the status of implementation activity at the time the audits were undertaken.

3.67 Figure 3.13 breaks down the implementation status by the 11 portfolios that were examined in the follow-up audits to date. The analysis shows that the Health portfolio and the ATO had the highest proportion of fully implemented recommendations. The Infrastructure, Finance and Home Affairs portfolios had the lowest proportion of fully implemented recommendations.

Figure 3.13: Implementation of ANAO recommendations — by portfolio

 

 

Source: ANAO analysis of follow-up audits tabled in 2015–16 to 2019–20. This analysis reflects the status of implementation activity at the time the audits were undertaken.

Background

Financial statements audit

4.3 Under the Auditor-General Act 1997, the Auditor-General’s functions include undertaking financial statements audits of all Australian Government entities, including non-corporate and corporate Commonwealth entities; Commonwealth companies; and the subsidiaries of corporate Commonwealth entities and Commonwealth companies.⁹⁴ The primary purpose of financial statements is to provide relevant and reliable information to users about a reporting entity’s financial performance and position. In the public sector, the users of financial statements include the Parliament, the community and ministers. The preparation of timely and accurate audited financial statements is also an important indicator of the effectiveness of an entity’s financial management, which fosters confidence in an entity on the part of users.

4.4 The ANAO’s financial statements audits, undertaken in accordance with the ANAO Auditing Standards, provide an independent examination of the financial accounting and reporting of public sector entities. They provide assurance that financial statements have been prepared in accordance with the Australian Government’s financial reporting framework and Australian accounting standards.

4.5 The ANAO tables two reports annually addressing the outcomes of the audits of financial statements of Commonwealth entities. The Interim Report on Key Financial Controls of Major Entities (controls report) details the ANAO’s examination of the relevant internal controls in specific entities (approximately 24 entities, referred to as ‘controls entities’), including information technology system controls, to support the preparation of financial statements that are free from misstatement. The second report, Audits of the Financial Statements of Australian Government Entities, reports on the results of the financial statements audits of all Commonwealth entities (approximately 250 entities) and the Australian Government’s Consolidated Financial Statements.

4.6 Once financial statements audits are completed, the auditor’s report with the financial statements are provided to the relevant minister. The auditor’s report includes the auditor’s opinion as to whether the financial statements comply with appropriate legislation and the accounting standards, and present fairly the financial position and performance of the entity. A copy of the auditor’s report and the financial statements are included in entities’ annual reports, which are provided to the responsible minister for tabling in Parliament.

About the chapter

4.7 The analysis in this chapter provides an overview of the quality of financial statements reports across the public sector and how this has changed over the past five years. It highlights that while the public sector overall has sound financial reporting arrangements, greater effort is required in a number of areas including in ensuring a secure information technology environment and greater compliance with elements of the finance law.

4.8 The first part of this chapter examines the findings across the 1236 auditor’s reports issued by the ANAO following the financial statements audits of all government entities from 2014–15 to 2018–19.⁹⁵ Out of these reports, there was one modified report⁹⁶ and 22 reports containing an emphasis of matter.⁹⁷ The ANAO also made 1081 audit findings and identified 23 legislative breaches.

4.9 The analysis breaks down the findings from these financial statements audits by:

• rating of the finding;
• portfolio of the entity; and
• category of the findings.

4.10 The second part of the chapter examines the areas of non-compliance with finance law⁹⁸ as reported by controls entities at each financial year from 2015–16 to 2018–19. Compliance data for 2014–15 is not available due to the change in reporting rules in 2015–16.⁹⁹ For this reason, 2014–15 has been excluded from this second part of the analysis.

Analysis of financial statements audit findings

By rating

4.11 Audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Often these risks arise from deficiencies within an entity’s internal control processes or frameworks. Weaknesses in internal controls increase the possibility that an entity will not prevent or detect a material misstatement in its financial statements in a timely manner. The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The rating scale is presented in Table 4.1.

Table 4.1: Audit findings rating scale

Source: ANAO.

4.12 This section summarises the findings made during financial statements audits for financial years 2014–15 to 2018–19, by rating. The table below shows a breakdown by rating of all findings and legislative breaches over the relevant period. Category C or minor findings comprise the majority of total findings over the years at 85.8 per cent. Category A or significant findings comprise 1.2 per cent of all findings.

Table 4.2: All findings and legislative breaches by rating, 2014–15 to 2018–19

Source: Analysis of financial statements audits 2014–15 to 2018–19.

4.13 Table 4.2 shows that the total number of findings had been declining steadily from 2014–15 to 2017–18, before increasing in 2018–19.

By portfolio

4.14 Consistent with Chapter 3, for the purpose of this analysis, the entities were grouped under the portfolio in accordance with the ANAO’s 2019–20 Annual Audit Work Program (AAWP) portfolio classification. This means, for instance, that the Australian Taxation Office (ATO) is analysed separately to the rest of the Treasury portfolio. The analysis also reflects the portfolio structure prior to the machinery of government changes announced in December 2019 and implemented in February 2020.¹⁰⁰ Entities that have been abolished since the audit have been categorised under portfolios they would have been in if they existed in 2019–20 (based on their original portfolio).

4.15 Figure 4.1 shows the total number of findings from financial statements audits for financial years 2014–15 to 2018–19, by portfolio.

Figure 4.1: Number of financial statements findings by portfolio, 2014–15 to 2018–19

 

 

Note a: The figure excludes a category B finding for the Consolidated Financial Statements in 2014–15.

Source: Analysis of financial statements audits for financial years 2014–15 to 2018–19.

4.16 The Social Services portfolio has received the highest number of significant findings over the years: one raised in 2014–15; one in 2015–16 and two in 2016–17. The finding in 2014–15 was in the Department of Social Services in relation to child care compliance payments. The other three findings were raised in relation to the National Disability Insurance Agency. All four have since been resolved.

4.17 The Infrastructure, Transport, Cities and Regional Development (Infrastructure) portfolio has received three significant findings over the years: one in 2014–15 for Norfolk Island Hospital Enterprise and two in respect of the Administration of Norfolk Island and the Consolidated Group (the Administration) in 2015–16. The 2014–15 finding was downgraded to moderate in the course of audit work in the following year. The two 2015–16 findings related to the absence of key elements of an effective corporate governance framework; and the lack of a formal asset and capital management plan. The Administration has since transitioned into a Regional Council operating under the New South Wales local government legislation on 1 July 2016, removing the ANAO’s audit obligations.

4.18 In the Defence portfolio, one significant finding was raised in the Department of Defence in 2017–18 and was carried over into 2018–19. It related to the management and monitoring of specialist military equipment balances in Defence’s financial and logistics information systems. The finding remains unresolved and will be tested further in the 2019–20 audit cycle.

4.19 Four other portfolios have received a significant finding over the years: Education; Health; Home Affairs; and Prime Minister and Cabinet (PM&C). The significant findings in each portfolio relate to:

• Department of Education – a finding from 2013–14, relating to significant weaknesses in the child care compliance program, including significant amounts of incorrect payments being made to child care service providers. This finding was resolved in the 2016–17 audit cycle;
• Australian Digital Health Agency (ADHA) — a finding in 2018–19 was raised in relation to control weaknesses in contract and supplier management and financial reporting processes. This resulted in material adjustments being identified by the ANAO and has highlighted weaknesses in the integrity of the financial reporting process. The finding will be tested further in the 2019–20 audit cycle;
• Department of Home Affairs — a finding in 2018–19 relating to non-compliance with the framework in place for visa and citizenship quality management which is designed to ensure the effective identification and management of emerging business risks relating to assessment and issuance of visas and citizenship. The finding will be tested further in the 2019–20 audit cycle; and
• Northern Land Council – weaknesses relating to the financial management and financial statement close processes, particularly poor quality reporting and reconciliation processes. This was a moderate finding first raised in 2011–12, and was re-categorised as a significant finding in 2014–15. The finding was downgraded to a minor finding in the following financial year and resolved in 2016–17.

4.20 The PM&C portfolio has received the highest number of total findings over the five years with a total of 128. Most of these findings (108) were in PM&C’s portfolio entities responsible for Indigenous affairs; 19 findings, including three category B findings, were in the Department of the Prime Minister and Cabinet; and one minor finding from 2018–19 was in the Australian Public Service Commission.

4.21 A more detailed breakdown of the findings in the PM&C portfolio in the below figure shows that the high number of findings were driven primarily by minor findings, especially from 2014–15. These have steadily decreased over the years. The 2018–19 saw an increase in the total number of findings by two, with the two new moderate findings and two significant legislative non-compliance (L1) offsetting the continued decrease in minor findings.

Figure 4.2: Breakdown of the findings in the PM&C portfolio, 2014–15 to 2018–19

 

 

Source: Analysis of financial statements audits from financial years 2014–15 to 2018–19 in the PM&C portfolio.

4.22 At the other end of the scale, the Employment portfolio has the lowest number of findings over the years with a total of 12, followed by the Parliamentary Departments, with the latter receiving 18 findings over the five years. Two portfolios have only received minor findings over five years: Foreign Affairs and Trade; and Veterans’ Affairs.

By category

4.23 As part of the interim audits, the ANAO assesses the effectiveness of key controls identified during the planning stages. This assessment is made at a point in time and provides the Parliament and entities with an insight into weaknesses which have the potential to impact the financial statements at year end. Table 4.3 presents the broad categories of control activities assessed by the ANAO and their definitions.

Table 4.3: Category of audit findings and definitions

Source: ANAO.

4.24 Figure 4.3 breaks down, by category, the audit findings from 2014–15 to 2018–19. Legislative breaches are not included in this analysis.

Figure 4.3: Findings by category, 2014–15 to 2018–19

 

 

Source: Analysis of financial statements audits 2014–15 to 2018–19.

4.25 Overall, IT control environment is the most common category of audit finding, comprising 36 per cent of all findings over the five years. The most common area of weakness is in security management, in particular the management of user access and monitoring of privileged users. Privileged users are able to make significant changes to IT systems configuration and operations, bypass critical security settings and access sensitive information. To reduce the risks associated with this access, the Australian Government Information Security Manual (ISM) requires that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored.

4.26 The second highest number of findings is in the compliance and quality assurance frameworks category. This category incorporates findings relating to weaknesses in controls and processes supporting financial statements preparation. Despite the overall decline in the findings in the category over the years, the 2018–19 financial statements audits saw the highest number of findings related to the quality of financial statements preparation in the past four years (one significant, four moderate and 14 minor findings). The significant finding was in the Australian Digital Health Agency (ADHA) and is outlined in the second dot-point at paragraph 4.19. This finding in ADHA was the only significant finding relating to processes supporting financial statements preparation reported over the last four years.¹⁰¹

4.27 The 2018–19 audit cycle also saw a decline in the timeliness and quality of financial statements preparation. Only 69 per cent of entities delivered their financial statements in line with the agreed timeframes (compared to 82 per cent in 2017–18). Further, the number of audit differences,¹⁰² including unadjusted audit differences, increased compared to the previous year (a 7 per cent increase overall, with 120 unadjusted audit differences reported compared to 89 in 2017–18).

4.28 The decrease in timeliness, and increase in audit differences and in findings indicate a reduction in the quality of financial statements preparation processes for a number of entities in 2018–19.

4.29 Figure 4.3 also shows an increase in the number of findings in the human resources and financial processes category in recent years. The escalating trend of findings in this category and the significance of these as a proportion of all financial statements audit findings has prompted the ANAO to undertake some targeted assurance activities over a significant component: the management of staff leave. Three financial statements audits were selected for further assessment of compliance of the management of leave accruals and balances with human resource policies and requirements. The entities selected were the departments of Home Affairs, Prime Minister and Cabinet, and the Treasury.

4.30 The results of the interim analysis were published in Auditor-General Report No. 38 of 2019–20 Interim Report on Key Financial Controls of Major Entities.¹⁰³

Analysis of compliance with finance law

4.31 Commonwealth entities are required to comply with finance law¹⁰⁴, meaning they must have sufficient controls in place to be able to identify instances of non-compliance. Under section 19 of the PGPA Act¹⁰⁵, accountable authorities have a duty to keep the responsible minister and Finance Minister informed of significant issues that may affect the entity. Prior to 2015–16, general government sector entities were required to submit an annual certificate of compliance to the Finance Minister and the responsible minister, summarising all non-compliance with the PGPA Act framework. From 2015–16, the compliance reporting process was changed to require entities to report only significant non-compliance with finance law to both the Finance Minister and the responsible minister.

4.32 This section analyses instances of non-compliance with finance law as identified by entities from 2015–16 to 2018–19. As the ANAO examines compliance matters during the interim phase of audit, analysis in this section is limited only to the 24 entities examined in controls reports. These include all departments of state and a number of major Australian Government entities. The entities included in the report are selected on the basis of their contribution to the income, expenses, assets and liabilities of the Consolidated Financial Statements of the Australian Government.

Significant non-compliance

4.33 To assist entities with their reporting duties under section 19 of the PGPA Act, the Department of Finance issued guidance in relation to reporting of significant non-compliance through the Resource Management Guide 214 Notification of significant non-compliance with finance law (RMG 214). RMG 214, which became applicable from 1 July 2015, states that:

8. What constitutes significant non-compliance with the finance law is for the accountable authority to determine based on the specific circumstances, the operating context of the entity, and in consultation with the responsible Minister, as appropriate.

9. In determining significance, accountable authorities are encouraged to consider:

• materiality—the importance of the issue relative to the entity's size and operations (including the value and volume of non-compliance);
• occurrence—whether the non-compliance is "one-off" or systemic; and
• risk—whether the issue is likely to be politically sensitive, and the likely or actual impact on the reputation, public perception, financial position or financial sustainability of the entity or that of others (bearing in mind that consequences may be non-financial).¹⁰⁶

4.34 As part of the interim audits for financial years 2015–16 to 2018–19, the ANAO considered the application of RMG 214 by controls entities.¹⁰⁷ Entities advised that professional judgment is applied and consideration given to the nature and volume of breaches when assessing significance. As at interim audit work in 2018–19, seven entities¹⁰⁸ had provided further guidance within their definition of significant non-compliance, specifying a financial threshold above which non-compliance would be considered significant. The financial thresholds include: a percentage of either departmental budget amounts or entity determined materiality thresholds; or set dollar figure. The dollar range of thresholds varies from $50,000 to $20 million.

4.35 In addition to notifying the relevant minister of any significant issues which occur, the entity must also report any significant non-compliance in its annual report in line with section 17AG of the PGPA Rules. The table below summarises the instances of significant non-compliance with finance law as reported in entities’ annual reports.

Table 4.4: Reported instances of significant non-compliance with finance law

Note a: The department noted that ‘While the non-compliance does not clearly align to the guidance on what would be considered ‘significant’ under the Department of Finance’s Resource Management Guide 214 – Notification of significant non-compliance with the finance law, the Secretary has determined that on balance and in the interests of transparent administration, the breaches should be disclosed’.

Source: Entities’ annual reports.

All instances of non-compliance

4.36 Entities undertake a range of activities to identify instances of non-compliance and support their assessments of whether identified breaches meet the definition of significant breaches. These activities include self-reporting, internal assurance activities, and questionnaires completed by officers holding delegations.

4.37 The ANAO analysed instances of non-compliance as identified by entities included in controls reports from 2015–16 to 2018–19. Changes to the reporting process in 2015–16 removed the requirement for all instances of non-compliance to be centrally reported to the Department of Finance. As a consequence, several entities changed their policies to only require significant non-compliance to be reported to their audit committees and accountable authorities, rather than all instances of non-compliance. Due to their reduced reporting practices, the analysis below excludes the Department of Foreign Affairs and Trade, Services Australia, and the National Disability Insurance Agency (NDIA).

4.38 The non-compliance data analysed in this section are based on self-reporting undertaken by entities and have not been tested by the ANAO for completeness or accuracy.

By category

4.39 Section 8 of the PGPA Act defines ‘finance law’ as the PGPA Act; PGPA Rules; any instrument made under the PGPA Act; or Appropriation Acts. Instruments made under the PGPA Act include the Commonwealth Procurement Rules (CPRs) and the Commonwealth Grants Rules and Guidelines (CGRGs).

4.40 Figure 4.4 shows the ANAO’s analysis of non-compliance by category as identified by entities from 2015–16 to 2018–19.

Figure 4.4: Non-compliance identified by entities, 2015–16 to 2018–19

 

 

Source: ANAO analysis of non-compliance identified by entities.

4.41 Breaches of the CPRs is the most common area of non-compliance reported by entities across all years. In total, there were 9286 instances of non-compliance reported over the four years. Of these, 7497 (80.7 per cent) related to rule 7.16, which requires entities to report contracts entered into or amended over $10,000 on AusTender within 42 days. Table 4.5 breaks down the figures relating to CPR rule 7.16 in greater detail.

Table 4.5: Proportion of non-compliance with CPR rule 7.16

Source: ANAO analysis of non-compliance identified by entities.

4.42 The figures show that for the entities examined in this section, the proportion of identified non-compliance with rule 7.16 has been decreasing over the years.

4.43 The ANAO published an information report in March 2020¹⁰⁹ examining the Australian Government procurement contract reporting on AusTender for 125 entities covered by the CPRs.¹¹⁰ ANAO analysis of AusTender data shows that the length of delays in publishing contract notices, as well as proportion of contract notices that were published late, have been increasing over the last few years (Figure 4.5).

Figure 4.5: Volume and percentage of contract notices published 42 days or more after the reported start date

 

 

Source: ANAO analysis of AusTender data.

4.44 Procurement is an important and substantial activity for the Australian Government. These findings, as well as the statistical significance of negative conclusions in performance audits of procurement activities¹¹¹, shows that greater effort is required across the sector in ensuring procurement activities are undertaken in compliance with the relevant legislative and policy requirements.

4.45 The second highest category of non-compliance identified by entities is in relation to section 23 of the PGPA Act. The provision provides an accountable authority of a non-corporate Commonwealth entity with the power to:

• enter into, vary and administer arrangements, including a contract, agreement, deed or understanding, relating to the affairs of their entity¹¹²; and
• approve commitments of relevant money for which the accountable authority is responsible.¹¹³

4.46 Breaches of section 23 of the PGPA include failure to obtain appropriate delegate approval prior to entering into contracts and exceeding a delegate’s approval. Non-compliance with section 23 has been decreasing over the years.

4.47 With the exception of 2018–19, the majority of instances of non-compliance with the PGPA Act excluding section 23 related to breaches of officer duties under sections 25 and 26 arising from misuse of corporate credit cards. The two sections require Commonwealth officials to exercise powers with care and diligence; and act honestly, in good faith and for a proper purpose.

4.48 In 2018–19, 41 per cent of instances of non-compliance with the PGPA Act, excluding section 23, related to breaches of section 21, which states that:

the accountable authority of a non-corporate Commonwealth entity must govern the entity in accordance with paragraph 15(1)(a) in a way that is not inconsistent with the policies of the Australian Government.

4.49 The provision notes that paragraph 15(1)(a) relates to the duty to promote the proper use and management of public resources for which the accountable authority is responsible. The reported instances of non-compliance with section 21 in 2018–19 specifically entailed breaches of section 83 of the Australian Constitution, whereby no money shall be drawn from the Treasury of the Commonwealth except under appropriation made by law.

4.50 Non-compliance with the CGRGs predominately resulted from entities not meeting the requirement to publish grants on GrantConnect within 21 days.¹¹⁴ Non-compliance in this area has been increasing over the years. In contrast, reported non-compliance with PGPA Rules has fallen to its lowest in four years in 2018–19. The majority of non-compliance with the PGPA Rules relates to sections 18 (failure to document the approvals to enter into arrangements under section 23 of the PGPA Act) and 19 (banking of monies received by officials).

By entity

4.51 This section breaks down the reported instances of non-compliance by entity. To ensure comparability across the years, the ANAO has grouped the findings under the names of entities as revised from the machinery of government (MOG) changes implemented in February 2020. This means, for instance, that non-compliance reported by departments of the Environment and Energy, and Agriculture and Water Resources over the years have been combined under the post-MOG entity, the Department of Agriculture, Water and the Environment.

4.52 As noted at paragraph 4.37, the analysis in this section does not include the Department of Foreign Affairs and Trade, Services Australia and the NDIA, due to their reduced reporting policies.

4.53 Three entities have reported no instances of non-compliance with finance law over the years that were analysed: Australian Postal Corporation; NBN Co Limited; and the Reserve Bank of Australia. These entities have also been excluded from analysis.

4.54 Figure 4.6 shows the total number of non-compliance instances identified by the reporting entities from 2015–16 to 2018–19.

Figure 4.6: Number of non-compliance by entity, 2015–16 to 2018–19

 

 

Source: ANAO analysis of non-compliance identified by entities.

4.55 The Department of Defence (Defence) has identified the highest number of non-compliance over the years, followed by the Department of Home Affairs (Home Affairs). The two entities comprise nearly half (44.9 per cent) of all reported non-compliance over the four years.

4.56 For both entities, the majority of non-compliance instances relate to the breach of CPRs, with Home Affairs recording 546 more instances in this category than Defence. A more detailed breakdown below shows that the number of non-compliance with CPRs in Home Affairs had been decreasing steadily from 2015–16 to 2017–18, before increasing again in 2018–19. In contrast, the vast majority of non-compliance with CPRs in Defence (87.9 per cent) stems from 2017–18.

Figure 4.7: Breakdown of non-compliance with CPRs, Home Affairs and Defence

 

 

Source: ANAO analysis of non-compliance identified by Home Affairs and Defence.

4.57 As analysed at paragraphs 4.41, the majority of non-compliance with CPRs relates to the breach of rule 7.16, which requires entities to report contracts entered into or amended over $10,000 on AusTender within 42 days.

4.58 Section 23 of the PGPA Act is the second highest category of non-compliance. The number of non-compliance with section 23 identified by Defence over the years comprise 48.6 per cent of all non-compliance in that category. Defence has recorded the highest level of non-compliance with section 23 in every financial year, with a slight increase in recent years. Figure 4.8 lists the three entities with the highest levels of non-compliance by financial year.

Figure 4.8: Entities with highest level of PGPA Act section 23 non-compliance

 

 

Source: ANAO analysis of non-compliance identified by entities.

4.59 Defence is followed by the Department of Agriculture, Water and the Environment (15.2 per cent) and Home Affairs (13.7 per cent). The Australian Office of Financial Management (AOFM) has reported no instances of non-compliance with section 23 over the four years. Future Fund Management Agency (FFMA) has reported one instance, and the Australian Taxation Office (ATO) and the Department of Social Services¹¹⁵ have reported two instances of non-compliance with section 23.

4.60 The highest level of non-compliance with the PGPA Act other than section 23 was reported by the Department of Education, Skills and Employment (Education) (28.9 per cent), followed by Home Affairs (16.5 per cent) and Defence (14.7 per cent). The graph below shows that the number of instances of non-compliance in Education spiked in 2017–18. This related to breaches of section 25 of the PGPA Act identified by the then Department of Jobs and Small Business.¹¹⁶

Figure 4.9: Breakdown of non-compliance with PGPA Act (excl. section 23), Education, Home Affairs and Defence

 

 

Source: ANAO analysis of non-compliance identified by entities.

4.61 Home Affairs had a significant increase in findings of non-compliance in 2018–19. The majority of this related to breach of section 21 of the PGPA Act, resulting in potential breach of section 83 of the Australian Constitution.¹¹⁷ Most of the non-compliance instances reported by Defence comprised breaches of sections 25 and 26 of the PGPA Act arising from misuse of corporate credit cards.

4.62 Department of Industry, Science, Energy and Resources (Industry) saw the highest level of non-compliance with CGRGs, followed by Education. The two entities comprise over half (59.9 per cent) of reported non-compliance in this category. The number of non-compliance in Industry has been rising over the years, from no reported non-compliance in 2015–16 to 263 in 2018–19. Conversely, Education saw a sharp decrease in the number of instances of non-compliance in the last two years, from 141 in 2017–18 to no reported non-compliance in 2018–19.

Figure 4.10: Breakdown of non-compliance with section 23, Industry and Education

 

 

Source: ANAO analysis of non-compliance identified by Industry and Education.

4.63 All 650 instances of non-compliance reported by Industry and Education over the four years relate to the breach of web-based reporting requirements in the CGRGs, under which entities must publish grants on GrantConnect within 21 days of the grant agreement taking effect.¹¹⁸

4.64 Figure 4.4 shows that the number of instances of non-compliance in this area has been increasing over the years, growing by 375 per cent from 2015–16 to 2018–19. Timely disclosure and reporting of grants ensure transparency and accountability, and promote public confidence in the administration of grants programs.

4.65 There were a total of 313 instances of non-compliance with PGPA Rules identified by entities examined in this section. Six entities – AOFM; ATO; Department of Finance; Industry; FFMA; and Social Services – reported no instances of non-compliance with PGPA Rules over the four years. Non-compliance identified by Defence comprised 42.5 per cent of total number of non-compliance with PGPA Rules, although the breakdown below shows that it has been decreasing in recent years.

Figure 4.11: Breakdown of non-compliance with PGPA Rules, Defence

 

 

Source: ANAO analysis of non-compliance identified by Defence.

4.66 All but one instance of non-compliance reported by Defence comprised breaches of section 18 of the PGPA Rules, which relates to approval for commitments of relevant money. The one exception was in 2018–19 and related to a breach of section 19 of the PGPA Rules on banking of money received by officials.

4.67 Other entities with high levels of non-compliance are Home Affairs (19.5 per cent) and the Department of Veterans’ Affairs (19.2 per cent). The identified breaches in these two portfolios also relate to sections 18 and 19 of the PGPA Rules.

4.68 The analysis shows that there remain relatively high numbers of non-compliance with various elements of finance law. It is not uncommon for entities to dismiss such findings as not material to their work. However, the rules framework has been put in place to address accountability and transparency. ANAO experience is that repeated breaches of compliances can indicate a culture where compliance is not valued. Such a culture creates risks within entities.

Audit quality

5.3 Audit quality is the provision of timely, accurate and relevant audits, performed independently in accordance with the Auditor-General Act 1997, ANAO Auditing Standards and methodologies which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

ANAO quality assurance framework and plan

5.4 Under the requirements of Auditing Standard ASQC 1: Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements, the ANAO is required to establish and maintain a system of quality control designed to provide it with reasonable assurance that it complies with the ANAO standards and applicable legal and regulatory requirements, and that reports issued by the ANAO are appropriate in the circumstances. This system of quality control comprises the ANAO quality assurance framework.

5.5 The ANAO maintains a strong and ongoing focus on its quality framework as a core business investment. A sound quality framework supports delivery of high quality audit work, including the opinions and conclusions in the reports prepared for the Parliament. This facilitates Parliament’s confidence that the ANAO operates with independence, and that the audit approach meets the applicable auditing standards.

5.6 The ANAO recognises that a robust quality assurance framework needs to be based on a clear quality strategy that is aligned with risk management framework rather than focusing solely on compliance with auditing standards. Key strategic risks in the ANAO risk register that directly relate to quality include:

• Parliament questioning the ANAO’s ability to execute its mandate;
• ANAO not meeting the Auditing Standards; and
• ANAO forming inaccurate audit opinions.

5.7 To manage these risks and meet its purpose, the ANAO needs to not only undertake work of high quality but also transparently demonstrate to external stakeholders that its work is of a high quality. In July 2019, the ANAO for the first time published its Quality Assurance Framework and Plan for 2019–20 on its website, followed by the 2020–21 Plan in July 2020. This document describes the ANAO’s quality assurance framework and sets out the key quality assurance activities planned for the financial year.

5.8 The ANAO will produce an audit quality report against the 2019–20 plan which will provide transparency in respect of the processes, policies, and procedures that are used to address or support each element of audit quality. The achievement of the quality assurance strategy and deliverables will be reported on to enhance accountability.

5.9 The ANAO’s quality policies and monitoring programs are reviewed on an ongoing basis, and benchmarked against audit offices in other jurisdictions, to ensure the ANAO continues to implement best practice.

External reviews

5.10 External oversight of quality at the ANAO is provided in a number of ways. All audit reports produced by the ANAO are public documents, tabled in the Parliament. The Joint Committee of Public Accounts and Audit (JCPAA) reviews all Auditor-General reports tabled in the Parliament and conducts inquiries into selected reports. These inquiries assist in maintaining quality by addressing the work performed in the audits.

5.11 Section 41 of the Auditor-General Act establishes the position of the Independent Auditor. The Independent Auditor audits the ANAO’s financial statements and conducts performance audits of the ANAO in accordance with sections 44 and 45 of the Auditor-General Act.¹¹⁹ Performance audits conducted by the Independent Auditor are available on the ANAO website.

5.12 The ANAO and the New Zealand Office of the Auditor-General (NZ OAG) have a long standing arrangement to conduct reciprocal performance audit peer reviews annually, on a rotating basis. This arrangement seeks to strengthen performance auditing through the provision of constructive feedback and sharing of better practices. The peer review methodology includes examining two published audit reports against agreed criteria, drawing on information from related planning documents, audit working papers and discussion with ANAO staff. Completed peer reviews by the NZ OAG are published on the ANAO website.

5.13 The ANAO has voluntarily engaged the Australian Securities and Investments Commission (ASIC) annually since 2018 to conduct a review of the ANAO’s quality assurance framework, and perform quality assurance reviews of financial statement audit files. ASIC’s inspection reports are also published on the ANAO website.

Internal reviews

5.14 The ANAO’s internal quality assurance program is part of the monitoring component of the ANAO quality assurance framework. The program is designed to provide assurance that the policies and procedures in the ANAO quality assurance framework are adequate and operating effectively. Monitoring processes include:

• annual quality assurance reviews of completed financial and performance audits covering all of the functions of the ANAO; and
• since 2016, real time quality reviews of in-process financial statements audits.

5.15 In addition to an annual program of internal reviews, in-progress or completed audits may also be reviewed on an ad-hoc basis. These reviews are conducted by the Group Executive Director in the Professional Services and Relationships Group (PSRG) or other relevant specialists in PSRG, who are independent of the performance of the audit. Circumstances that may result in an ad-hoc quality review include parties external to the ANAO raising concerns or questions about the quality of work performed by the ANAO or the evidence supporting a conclusion or finding in an audit.

5.16 Both financial statements and performance audit reviews include an assessment of planning, execution of the audit, quality control processes (such as approvals and sign-offs), reporting and completion. The mix of financial statements and performance audits selected for review comprises audits conducted utilising in-house resources and those undertaken by contracted firms. All deficiencies noted as a result of the monitoring process are evaluated and classified according to an agreed rating scale. Audits are given an overall rating of satisfactory or unsatisfactory.

5.17 As part of each quality assurance review for financial statements and performance audit, the reviewers evaluate the findings identified and conclude whether the deficiencies found, if any, are one-off occurrences or indicative of systemic, repetitive deficiencies. In 2019, the ANAO introduced root-cause analysis to understand more deeply any areas in audit work where there is scope for systemic improvement. The analysis aims to identify how the ANAO can continue to improve its audit practice, as well as needs for training and support on thematic issues, including targeted training. Root cause analysis was conducted over an unsatisfactory audit and thematic moderate findings identified in the 2017–18 and 2018–19 financial statements audits review. A root cause analysis has not yet been deemed necessary to address minor deficiencies identified as part of performance audit reviews.

Better communication

5.18 Over the last five years, re-designing reports, taking a digital first approach, and broadening audit coverage and methodology have been key features of the ANAO’s effort to enable greater access to information for the Parliament and other users. These approaches are designed to: better target key audit messages to interested audiences; enable and promote closer engagement with the audit process; and improve the understanding of the ANAO’s audit work and results.

Improving audit report design

5.19 In 2015–16, significant changes were made to the design of performance audit reports in order to make the reports more accessible and easier to read. These changes included presenting clearer and more concise audit conclusions and summary of recommendations in the beginning of the report. The overall length of the reports was also significantly shortened, from an average of over 100 pages in prior years, down to an average of around 55 pages from 2015–16 onwards.

5.20 In 2016–17, feedback was sought from entities regarding the changes to performance audit report design and structure. The results are outlined in Table 5.1.

Table 5.1: Entity views on changes to performance audit report design and structure

Source: ANAO Annual Report 2016–17.

5.21 The ANAO is continuing to improve the way it communicates the results of audit work. In 2017–18, the ANAO introduced reporting on ‘key learnings for all Australian Government entities’ in performance audit reports. This identifies and makes accessible the learnings and insights arising out of ANAO audits that all Commonwealth entities should consider. The ANAO has also introduced the publication of Audit Insights. These publications identify and discuss common recurring issues, shortcomings and good practice examples, identified through financial statement and performance audit work.

5.22 From November 2019, the ANAO began adding to performance audit reports a simple one-page ‘snapshot’ of the audit, outlining why the audit was conducted, the key facts and conclusions from the audit, and any recommendations made to the audited entity. Audit snapshot is designed to enhance accessibility and more clearly communicate the key audit messages to readers.

Digital-first communication

5.23 The ANAO has adopted a digital-first approach and reduced the number of hard copy reports printed to only those necessary to meet the minimum number required to satisfy parliamentary tabling requirements.

5.24 The ANAO has implemented a range of digital communication approaches that build on the fundamental expectations of principle 6: ‘Communicating effectively with stakeholders’ in ISSAI (International Standards of Supreme Audit Institutions) 12: The Value and Benefits of Supreme Audit Institutions – making a difference to the lives of citizens.

5.25 In April 2016, the ANAO launched a new website with improved functionalities and more accessible content. Significant changes included adding the ability to subscribe to individual audits/reports (including in-progress audits) to receive status updates, and allowing interested parties to contribute information through the website for consideration during the evidence collection stage of a performance audit.

5.26 The ANAO has also taken advantage of the flexible digital medium to more creatively represent website content. The use of interactive graphics, expandable windows for detailed contents, ‘mouseover’ explanatory notes and navigational guides help users engage with the ANAO’s work in a more accessible and meaningful manner.

5.27 In 2019, the website was reorganised to group information about ANAO’s work according to Senate Estimates Committee focus to make contents more accessible to the Parliament.

5.28 The ANAO will continue to introduce improvements to the website, with a focus on increasing the accessibility of audit reports and better addressing the needs of the Parliament.

Coverage of mandate

5.29 The ANAO is focused on exercising the full range of powers under the legislative mandate to deliver audits that are impactful through both their examination of contemporary public administration issues and the clarity with which they deliver their findings.

Expanding performance audit focus

5.30 The ANAO has expanded audit effort towards conducting performance audits of Government Business Enterprises (GBEs) at the request of the JCPAA.¹²⁰ The ANAO has also increased its focus on the earlier implementation phase of programs, with audits specifically examining design considerations, including the quality of advice provided by entities to government to inform its decision-making.¹²¹

Building different reports

5.31 Complementing the increased performance audit coverage, the ANAO has published, to date, eight assurance reviews under subsection 19A(1) and two information reports in accordance with section 25 of the Auditor-General Act. The development of new audit techniques and building different report types allows the ANAO to provide a greater range of assurance and transparency to the Parliament.

5.32 The ANAO is currently considering how it can expand its approach to compliance auditing through a new audit product that enables a deeper assessment of selected entities’ compliance with policies and requirements than can be examined as part of financial or performance audits. A compliance audit is being piloted as part of the 2019–20 financial audit process by examining selected entities’ management of leave accruals and balances in accordance with various human resource policies and requirements. Interim findings have been reported in chapter 3 of Auditor-General Report No. 38 of 2019–20 Interim Report on Key Financial Controls of Major Entities.

Annual Performance Statements

5.33 To support the implementation of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), the ANAO developed a rolling audit program to review entities’ implementation of the annual performance cycle. The ANAO has to date conducted three audits of corporate planning and three audits of annual performance statements, developing and refining the audit methodology for the possible future implementation of mandatory annual audits of performance statements.

5.34 In November 2019, the Minister for Finance made a request under section 40 of the PGPA Act for the ANAO to conduct a pilot program of audits of annual performance statements of Commonwealth entities. Audited performance statements will give the Parliament assurance about the information reported by entities in their annual reports. The pilot audit is currently underway, and will help inform the future shape and coverage of the auditing of performance statements in the Commonwealth. The mandatory annual auditing of performance statements is essential for the effective implementation of this important component of the accountability framework.

Auditing the ‘4 Es’

5.35 The PGPA Act defines proper use or management of public resources to mean efficient, effective, economical and ethical — known as the ‘4 Es’. The majority of performance audits focus on examining the effectiveness of a government program or activity.¹²² Effectiveness audits assess the impact of a policy or program against the government’s objectives, and are an important measure of the public sector’s performance in delivering the intended outcomes.

5.36 In recent years, the ANAO developed and implemented a new audit methodology for undertaking performance audits focussed on efficiency. In a public sector auditing context, efficiency is primarily about entities making the most of available resources — that is, minimising inputs used to deliver the intended policy outputs in terms of quality, quantity and timing. Efficiency is generally relative to some standard, not absolute. Identifying a suitable reference point, benchmark or comparator is an important step in measuring efficiency.

5.37 The ANAO’s methodology for auditing efficiency has, to date, been used in nine audits¹²³ and is based on a general model for assessing public sector performance (Figure 5.1).

Figure 5.1: A general model for assessing public sector performance

 

 

Source: ANAO.

5.38 The methodology recognises that an examination of efficiency needs to be ‘fit-for-purpose’ for each entity or subject matter being audited.

5.39 To date, the ANAO has done little work in assessing the ethical use or management of public resources.¹²⁴ The ANAO is looking to further expand coverage of its mandate to focus on ethical use. This will involve looking beyond technical compliance with the letter of the law, and assessing whether entities have upheld the intent behind applicable legal or policy frameworks and acquitted their decisions in a manner that reflects the public service values of integrity, transparency and accountability.

5.40 In addition to the PGPA Act duties placed on accountable authorities and officials to act ethically¹²⁵, Australian Government officials are bound by the ethical requirements established by frameworks such as the Commonwealth Procurement Rules (CPRs)¹²⁶, Commonwealth Grants Rules and Guidelines (CGRGs)¹²⁷, and the Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities.¹²⁸

5.41 Australian Public Service (APS) employees must abide by the APS Values and Code of Conduct under the Public Service Act 1999. These require APS employees to be ethical and impartial; behave honestly and with integrity; take reasonable steps to avoid conflicts of interests; disclose material personal interests; and not improperly use inside information or their position to seek to gain a benefit or an advantage. The APS Commissioner’s Directions 2016 elaborate on the APS Values. Under the directions, being ethical includes ‘acting in a way that is right and proper, as well as technically and legally correct or preferable’.¹²⁹ Ethical behaviour in the public sector thus goes beyond compliance.

5.42 The importance of ethics in government programs has been highlighted in several audits, particularly in procurement and grants administration. A recurring problem noted across these audits is a lack of adequate documentation and records to support the rationale for decisions made and actions undertaken. Even where entities are technically compliant with the rules and policy framework, lack of proper documentation of decision-making processes makes it difficult for entities to be assured that the activity was undertaken with complete integrity and honesty, with all necessary information at hand, and without improper influence or consideration of inappropriate factors.

5.43 In the procurement space, common issues relating to probity and ethics include:

• not recording the reason for single-sourcing or approaching only certain suppliers for limited tender opportunities¹³⁰;
• not providing the decision-maker(s) with all relevant information to enable them to make an informed decision¹³¹;
• not documenting conflicts of interest and/or not managing them appropriately¹³²;
• inappropriate separation of duties, especially between key probity management roles associated with a procurement activity¹³³; and
• improper maintenance of key documents, including retrospectively creating certain documents and leaving them undated.¹³⁴

5.44 For grants administration, similar issues arise with documentation and the management of conflicts of interest for assessors, contractors, consultants, ministerial staff and decision-makers.¹³⁵ Other common issues include:

• no records being made of meetings at which important decisions are taken about the award of grant funding¹³⁶;
• recording of reasons that provide little substantive insight into the basis for the decision, particularly in circumstances where decisions are taken to approve grants that have not been recommended, and/or to not approve grants that have been recommended¹³⁷;
• for non-competitive programs, the guidelines failing to clearly set out why a non-competitive selection process is being employed and how, in the absence of competition, the program has been designed to obtain value for money outcomes from the provision of grant funding¹³⁸; and
• programs being implemented without their own specific guidelines in place, without full disclosure of assessment criteria, or where significant changes to program parameters are not being reflected in amendments to the guidelines.¹³⁹

5.45 The audits referenced above, as well as external reviews such as the Independent Review of the Australian Public Service and the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, emphasise the importance of leadership in modelling ethical behaviour. A culture of integrity in an organisation flows from the standards set by its leaders.

5.46 In the next few years, the ANAO will design an appropriate audit framework against which to test ethics. Greater scrutiny in this area will help ensure that the public sector is looking beyond technical compliance and operating in line with community expectations of integrity and honesty.

Transparency

5.47 The ANAO is committed to demonstrating transparency of its operations. Transparency helps drive performance and accountability, facilitates trust, and leads to better engagement with key partners and stakeholders.

Methodology

5.48 ANAO auditors apply a robust methodology, as set out in the ANAO Audit Manual and supported by standardised documentation tools and templates. Application of this methodology ensures ANAO audits are of a consistent quality and are performed in accordance with the ANAO Auditing Standards. This methodology is regularly reviewed and updated as required for changes in the ANAO Auditing Standards, industry better practice, and new and emerging products, as well as to address findings from the ANAO’s quality assurance program.

5.49 The ANAO Auditing Standards are set under section 24 of the Auditor-General Act, to be complied with in performing the Auditor-General’s functions. The intention is that audits conducted by the ANAO should be conducted to the same standards required of the auditing profession, to the extent that they are not inconsistent with the provisions of the Auditor-General Act and other legislation relevant to the ANAO’s work. The ANAO Auditing Standards incorporate the standards issued by Australian Auditing and Assurance Standards Board (AUASB), and are consistent with the key requirements of the International Standards of Supreme Audit Institutions (ISSAI). The ANAO Auditing Standards adopt the revised ASAE 3500 Performance Engagements (the relevant AUASB standard for performance audits in Australia), except in relation to internal controls (paragraph 33), non-compliance with laws and regulations (paragraph 34) and reporting requirements (paragraph 45). The reporting requirements of ASAE 3500 are replaced with those contained in INTOSAI Standard ISSAI 3000 Standard for Performance Auditing (ISSAI 3000).¹⁴⁰

5.50 On 28 August 2020, the ANAO for the first time published the ANAO Audit Manual on its website. Making the manual publicly available promotes transparency around the audit process, and allows entities being audited to be more fully informed of the methodologies being applied.

Engagement

5.51 The ANAO’s primary relationship is with the Australian Parliament. To demonstrate the relevance and transparency of ANAO’s engagement with the Australian Parliament, in recent years the ANAO has published on its website:

• the receipt of, and responses to, requests for audit from Members and Senators of the Parliament of Australia; and
• briefings provided to parliamentarians and parliamentary committees, on request, about audits and related services.

5.52 In February 2020, the page on the ANAO website listing private briefings to parliamentarians and parliamentary committees was enhanced to allow information about briefings to be published within one working day of the briefing, rather than updated in bulk quarterly. Users can also now subscribe to be notified when new listings are added, and information about individual briefings is searchable on the page as well as through site search. The more frequent updates on the ANAO’s engagements with parliamentarians improves transparency.

5.53 The ANAO also has an important relationship with the accountable authorities of Commonwealth entities, who have primary responsibility for, and control over, entities’ operations. This relationship is also supported by the ongoing engagement undertaken with officials of audited entities and their audit committees. For example, during performance audit engagements, the ANAO seeks to ensure communication throughout the audit such that there are ‘no surprises’ in the final audit report. This approach provides opportunities for entities and other parties to discuss the audit findings during the course of the audit.

Annual audit work program

5.54 The ANAO publishes an annual audit work program (AAWP) in July each year. The program is designed to reflect the ANAO’s audit strategy and inform the Parliament, government entities and the public of the planned audit coverage for the Australian Government sector.

5.55 The AAWP is also designed to anticipate and respond to current and emerging risks and challenges impacting on public administration, and complements the ANAO’s primary strategic planning document, the corporate plan.

5.56 A whole-of-organisation planning process brings together the knowledge and insights gained from the ANAO’s financial statements audit work and the program of performance audits to inform the identification of topics for inclusion in each year’s program. The development of the program also takes into account the views of the Parliament, as presented by the JCPAA, and relevant stakeholders. The ANAO also consults directly with entities subject to financial statements audit coverage and potential performance audit coverage to obtain their views on the program.

5.57 From 2016–17, the ANAO began publishing the draft AAWP on the ANAO website to invite feedback from the public. The release of draft potential performance audit topics on the ANAO’s website provides greater transparency on how decisions on potential audit topics and coverage are made. It also gives an opportunity for members of the public to engage with the process and provide their views.

5.58 In line with the broad discretion in the exercise of powers provided in the Auditor-General Act, additional areas of audit interest beyond those published in the AAWP may be explored at any time. All performance audit topics, and associated audit objective and criteria, are published on the ANAO website once a decision has been made to commence the audit. Any member of the public can provide a contribution to an ANAO audit that is underway.

Corporate disclosures

5.59 The ANAO proactively makes various corporate disclosures in order to ensure that it meets public expectations of integrity, accountability, independence, transparency and professionalism.

5.60 The ANAO gifts and benefits policy recommends that ANAO employees do not accept any gifts or benefits in their role as an employee of the ANAO. Employees are required to report any offered gift or benefit (whether accepted or refused and regardless of estimated value) within 10 business days of the offer being made, through an internal gifts and benefits register. The data collected through the internal register is reported to the ANAO’s Executive Board of Management, and is also reported publicly every month on the ANAO website.

5.61 Expenses incurred by the Auditor-General are disclosed to ensure transparency. The disclosures include domestic and internal travel expenses, administrative expenses, and any gifts and hospitality accepted during the reporting period. The expenses are updated every six months on the ANAO website.

Efficiency

5.62 The ANAO has focused on achieving operational efficiencies to ensure more effective delivery of services and maintain financial sustainability. Through various initiatives outlined in paragraphs 5.19 to 5.28 and below, the ANAO reduced the average cost of performance audits by around 20 per cent over the last five years.

Data analytics

5.63 Building the office’s data analytics capability is a particular priority as the entities the ANAO audits continue to collect, generate and share ever-increasing volumes of data and information. Increased capacity in this space will enable automation of some audit processes and assist in the development of new audit products and services, supporting a focus on high risk areas within entities and driving efficiency within the audit process.

5.64 In November 2017, the Systems Assurance and Data Analytics (SADA) group was established as part of the ANAO’s corporate structure. SADA provides IT audit and data analytics support to the ANAO’s assurance and performance audit work, and leads the testing in cyber security audits. Since its establishment, SADA has focused on innovation and trialling new methods and technologies to increase quality and productivity in ANAO’s audit work. The next phase of SADA’s role would be to ensure standardisation and embedding of these processes within audit products. This will ensure ANAO remains responsive to changes in how government use technology and data.

Accommodation

5.65 The expiry of the ANAO’s previous lease in September 2018 provided a unique opportunity to create an environment that better accommodates the ANAO’s future business and workforce needs. The ANAO’s accommodation project focused on providing an office environment that supports sharing of information, learnings and insights, and collaboration on audit work across audit teams, portfolio branches and service groups.

5.66 In July 2019, it was determined that it was not viable for the ANAO to remain at 19 National Circuit, Barton. At the end of December 2019, the ANAO was permanently relocated to 38 Sydney Avenue, Forrest.

5.67 The ANAO’s new accommodation is based on a neighbourhood design, which provides flexible work spaces together with dedicated areas where teams work within broad portfolios. It also provides opportunities for more collaboration and team work between IT, financial and performance audits, and allows flexibility for the enabling areas of the organisation (PSRG, Corporate Management Group and the data analytics element of SADA) to work with the audit teams as required. The integration of the business units within the ANAO brings together the skills, data and tools from across the organisation, and enhances the ANAO’s ability to fully deliver on the mandate and assist with improving public administration.

5.68 This was achieved with a significantly reduced accommodation footprint compared to the previous building. The move to Sydney Avenue reduced the ANAO’s building footprint by around 800m², encouraging more efficient and sustainable utilisation of available space.

IT transformation

5.69 Transformation of IT has been a key focus of the ANAO to enable access to, and analysis of, audit information securely from anywhere, and simplify business processes by automating where appropriate.

5.70 In July 2018, the ANAO commenced a new IT support contract designed to support and mature technology capability, including:

• transformation to a PROTECTED cloud through Infrastructure-as-a-Service;
• capability to support ANAO’s future business environment, such as technology for new accommodation, improved remote working, collaborative computing, and data analytics;
• introduction of new service support arrangements, such as onsite helpdesk and greater online support;
• new performance framework with service levels that align with critical business needs; and
• focus on building a mature, risk based approach to ANAO’s cyber resilience.

5.71 Along with new IT support, in early 2019 the ANAO rolled out new laptops and wireless peripherals to staff to facilitate a mobile and collaborative workforce and provide flexible, modern equipment that better supports changing audit environment and workplace demands.

5.72 These new IT capabilities enabled the ANAO to respond quickly to the COVID-19 pandemic and support the majority of ANAO staff to work from home from late March 2020. By obtaining remote access to entity systems, audit teams were able to continue progressing with audit work throughout the pandemic.

Workforce capability

5.73 The ANAO is a professional organisation of people with strong technical and specialist skills, employing around 330 staff. It is through these high-quality, high-performing people that the ANAO is able to deliver its purpose to the Parliament. The ANAO maintains an ongoing focus on workforce capability as its biggest investment, ensuring it is suitably skilled for the future.

5.74 Since 2018, the ANAO has focused on building a workforce that is forward looking, risk focused, technologically adept, change orientated and highly adaptive. By sustaining a culture of high performance and professionalism, the ANAO will be able to support increased workforce engagement to deliver organisational outcomes.

5.75 The ANAO considers itself a training organisation, particularly for financial auditors, with active involvement in the work of two professional accounting bodies in Australia: CPA Australia and Chartered Accountants Australia and New Zealand. Staff are encouraged to undertake the Chartered Accountants Program, the CPA Program or other relevant studies through the provision of study leave and financial assistance for study fees. In recognition of the ANAO’s strong commitment to learning and development, the ANAO has ‘knowledge level’ status under CPA Australia’s Recognised Employer Partner program. Key benefits under the program include a simple method for members to demonstrate adherence to CPA Australia’s practical experience and continuing professional development requirements, and a recruitment advantage through promoting the ANAO’s partnership status in a variety of advertising and marketing forums.

5.76 The ANAO also focuses on building up the skills of its performance auditors. Unlike financial auditing, performance auditing is not a distinct discipline with tertiary entry points, and on the job training is thus imperative to ensure ANAO’s performance auditors produce high quality audit products. In the past few years, the ANAO has worked with ACAG to develop a single set of performance audit training material for new performance auditors in Australasia, and in the last year has worked with the Canadian Audit and Accountability Foundation to develop a more robust training agenda for performance auditors.

Footnotes